Group
Devices that fail normal authentication and that match specific Location and Schedule conditions are called the UnAuth Group, and are connected to a dedicated network.
For more information on UnAuth Group, Refer to Quick Tour/Providing Guest Network by UnAuth Group > What is UnAuth Group.
In addition, authentication can be performed using the policy set for the tag instead of the policy set for the Device ID (Device) registered with AMF Security.
For more information on tags, refer to Quick Tour/Authentication using Tag > What is authentication using Tag.
UnAuth Group List
This page shows a list of the UnAuth Group registered in AMF Security's database.
| Item Name | Search | Sort |
|---|---|---|
| Group ID | × | × |
| Enabled | × | × |
| Note | × | × |
| Number of Policies | × | × |
| Item Name | Description |
|---|---|
| Group ID | ID (Name) of the UnAuth Group. |
| Enabled | Whether the group is enabled or not. |
| Note | Arbitrary string (comment) for the Group. |
| Number of Policies | Number of security policies applied to the group. |
| Item Name | Description |
|---|---|
| Page Top | |
| Add UnAuth Group | Open the Add UnAuth Group page. |
| Export to CSV | Start downloading of a list of the UnAuth Group in CSV format. |
| UnAuth Group List | |
| Delete Selected | Delete all the checked groups. |
| Edit | Open the Update UnAuth Group page for the selected group. |
| Delete | Delete the group. |
NoteRefer to Appendix/CSV File for CSV Files.
Add UnAuth Group
This page lets you add a new UnAuth Group.
| Item Name | Description |
|---|---|
| Enabled | Uncheck this if you want the group to be disabled. |
| Group ID (Mandatory) | ID (Name) of the group to register. Group ID must be unique. Max 255 characters |
| Note | Arbitrary string (comment) for the Group. Max 255 characters. |
| Only detecting the device. | Check this if you want the group to be used only for detecting unregistered devices without allowing them to access the network. |
| Item Name | Description |
|---|---|
| Policies | |
| Policies | List of security policies attached to the group. |
| Priority | A priority value of the security policy. |
| Network | ID of the network to which AMF Security assigns the device in the group. |
| Location | ID (Name) of the location. |
| Schedule | A Schedule ID. |
| Item Name | Description |
|---|---|
| Policies | |
| Add | Open the Edit Policy dialog to add a new security policy for the UnAuth Group. |
| Edit | Open the Edit Policy dialog to edit the selected security policy. |
| Delete | Mark to delete the security policy attached to the device. The security policy to be deleted is indicated with the DEL mark on the left side of its record line. |
| Revert | Clear the DEL mark on the security policy. |
| Page Bottom | |
| Submit | Add a new group with the input information on this page and subordinate dialogs by committing the information for the newly added group. |
| Cancel | Cancel the operation for adding the new group. |
NoteInterfaces and security policies marked with DEL is deleted when the "Submit" button is clicked. Once you click the "Submit" button, you cannot undo the delete operations.
Edit Policy
This dialog lets you add a new security policy to the group or update an existing security policy attached to the group.
| Item Name | Description |
|---|---|
| Priority (Mandatory) | A priority value of the security policy. It must be an integer in the range of 0 to 255. When multiple security policies are set, the Device registered to the device of the UnAuth Group is connected to OpenFlow Switches or AMF Members, it is determined whether the security policy with the lowest priority value matches in order. |
| Network | Select the network to connect devices that fail normal authentication. Maximum 100 IDs of the existing networks are shown in the dropdown list. If you enter text in the field, Network IDs in the dropdown list are dynamically filtered to the ones which contain the input text in Network ID, VLAN ID or Note (it shows maximum 100 elements). From the dropdown list, select a Network ID. If the registered device is connected to the OpenFlow Switch, AMF Member (Edge Node), or TQ's AMF Application Proxy, it is connected to the VLAN subnet configured in the network. If the network is not registered in the device (if this setting is blank or the VLAN ID is set to 0 in the network security policy setting), the OpenFlow Switch uses untagged VLAN (subnet without VLAN) and AMF Member Is connected to the VLAN set for the AMF Member. The connection to the VLAN subnet is realized by sending as a tagged VLAN with the set VLAN ID when it is sent to the upper network of the connected OpenFlow Switches and AMF Members. You have to add the network before assigning a device to the network. Refer to Policy Settings > Add Network for the instruction on how to register a network. Also, if the registered device is connected to the TQ's AMF Application Proxy, it depends on the TQ settings. Refer to Quick Tour/What is AMF Security > TQ's AMF Application Proxy/Behavior when using TQ dynamic VLAN. |
| Location | Specify a location where the unauthenticated device can be so that it is categorized in the group. Maximum 100 IDs of the existing locations are shown in the dropdown list. If you enter text in the field, location IDs in the dropdown list are dynamically filtered to the ones which contain the input text in Location ID or Note (it shows maximum 100 elements). From the dropdown list, select a Location ID. If you specify Location, the UnAuth Group can access the network only from OpenFlow Switches and AMF Members in the location. If you do not specify Location, the UnAuth group can access the network from all OpenFlow Switches and AMF Members. You have to add the location before specifying it for a group. Refer to Policy Settings > Add Location for the instructions on how to add locations. |
| Schedule | Specify a schedule when the unauthenticated device can be connected to the network so that it is categorized in the group. Maximum 100 IDs of the existing schedules are shown in the dropdown list. If you enter text in the field, Schedule IDs in the dropdown list are dynamically filtered to the ones which contain the input text in Schedule ID or Note (it shows maximum 100 elements). From the dropdown list, select a Schedule ID. If you specify a Schedule, the group can access the network only when the schedule is effective. If you do not specify a schedule, a device can always access the network. You have to add the schedule before specifying it for a group. Refer to Policy Settings > Add Schedule for the instruction on how to register a schedule. |
NoteIf OpenFlow Switch has access to untagged VLAN (subnet without VLAN) and AMF Member to the VLAN set as AMF Member, depending on the switch setting, the device may be able to connect to the equipment on the control plane.
NoteTQ's AMF Application Proxy does not support location and schedule items.
| Item Name | Description |
|---|---|
| Bottom of the dialog | |
| Submit | Add or update the security policy information. |
| Cancel | Cancel the operation for adding or updating policy. |
Update UnAuth Group
This page lets you update the information of an existing UnAuth Group.
| Item Name | Description |
|---|---|
| Enabled | Uncheck this if you want the group to be disabled. |
| Group ID (Mandatory) | ID (Name) of the group to be created. Group ID must be unique. Max 255 characters |
| Note | Arbitrary string (comment) for the Group. Max 255 characters. |
| Only detecting the device. | Check this if you want the group to be used only for detecting unregistered devices without allowing them to access the network. If this option is enabled, devices in the group cannot access the network even if the Network is specified in the security policy for the group. |
| Item Name | Description |
|---|---|
| Policies | |
| Policies | List of security policies attached to the group. |
| Priority | A priority value of the security policy. |
| Network | ID of the network to which AMF Security assigns the device in the group. |
| Location | ID (Name) of the location. |
| Schedule | A Schedule ID. |
| Item Name | Description |
|---|---|
| Policies | |
| Add | Open the Edit Policy dialog to add a new security policy for the UnAuth Group. |
| Edit | Open the Edit Policy dialog to edit the selected security policy. |
| Delete | Mark to delete the security policy attached to the device. The security policy to be deleted is indicated with the DEL mark on the left side of its record line. |
| Revert | Clear the DEL mark on the security policy. |
| Page Bottom | |
| Submit | Update the group with the input information on this page and subordinate dialogs by committing the information for the existing group. |
| Cancel | Cancel the operation for updating the group. |
NoteInterfaces and security policies marked with DEL is deleted when the "Submit" button is clicked. Once you click the "Submit" button, you cannot undo the delete operations.
Edit Policy
This dialog lets you add a new security policy to the group or update an existing security policy attached to the group.
| Item Name | Description |
|---|---|
| Priority (Mandatory) | A priority value of the security policy. It must be an integer in the range of 0 to 255. When multiple security policies are set, the Device registered to the device of the UnAuth Group is connected to OpenFlow Switches or AMF Members, it is determined whether the security policy with the lowest priority value matches in order. |
| Network | Select the network to connect devices that fail normal authentication. Maximum 100 IDs of the existing networks are shown in the dropdown list. If you enter text in the field, Network IDs in the dropdown list are dynamically filtered to the ones which contain the input text in Network ID, VLAN ID or Note (it shows maximum 100 elements). From the dropdown list, select a Network ID. If the registered device is connected to the OpenFlow Switch, AMF Member (Edge Node), or TQ's AMF Application Proxy, it is connected to the VLAN subnet configured in the network. If the network is not registered in the device (if this setting is blank or the VLAN ID is set to 0 in the network security policy setting), the OpenFlow Switch uses untagged VLAN (subnet without VLAN) and AMF Member Is connected to the VLAN set for the AMF Member. The connection to the VLAN subnet is realized by sending as a tagged VLAN with the set VLAN ID when it is sent to the upper network of the connected OpenFlow Switches and AMF Members. You have to add the network before assigning a device to the network. Refer to Policy Settings > Add Network for the instruction on how to register a network. Also, if the registered device is connected to the TQ's AMF Application Proxy, it depends on the TQ settings. Refer to Quick Tour/What is AMF Security > TQ's AMF Application Proxy/Behavior when using TQ dynamic VLAN. |
| Location | Specify a location where the unauthenticated device can be so that it is categorized in the group. Maximum 100 IDs of the existing locations are shown in the dropdown list. If you enter text in the field, location IDs in the dropdown list are dynamically filtered to the ones which contain the input text in Location ID or Note (it shows maximum 100 elements). From the dropdown list, select a Location ID. If you specify Location, the UnAuth Group can access the network only from OpenFlow Switches and AMF Members in the location. If you do not specify Location, the UnAuth group can access the network from all OpenFlow Switches and AMF Members. You have to add the location before specifying it for a group. Refer to Policy Settings > Add Location for the instructions on how to add locations. |
| Schedule | Specify a schedule when the unauthenticated device can be connected to the network so that it is categorized in the group. Maximum 100 IDs of the existing schedules are shown in the dropdown list. If you enter text in the field, Schedule IDs in the dropdown list are dynamically filtered to the ones which contain the input text in Schedule ID or Note (it shows maximum 100 elements). From the dropdown list, select a Schedule ID. If you specify a Schedule, the group can access the network only when the schedule is effective. If you do not specify a schedule, a device can always access the network. You have to add the schedule before specifying it for a group. Refer to Policy Settings > Add Schedule for the instruction on how to register a schedule. |
NoteIf OpenFlow Switch has access to untagged VLAN (subnet without VLAN) and AMF Member to the VLAN set as AMF Member, depending on the switch setting, the device may be able to connect to the equipment on the control plane.
NoteTQ's AMF Application Proxy does not support location and schedule items.
| Item Name | Description |
|---|---|
| Bottom of the dialog | |
| Submit | Add or update the security policy information. |
| Cancel | Cancel the operation for adding or updating policy. |
Tag List
This page shows the list of tags registered in AMF Security's database.
| Item Name | Search | Sort |
|---|---|---|
| Tag | × | × |
| Note | × | × |
| Number of Policies | × | × |
| Item Name | Description |
|---|---|
| Tag | Name of the tag. |
| Note | Arbitrary string (comment) for the tag. |
| Number of Policies | Number of security policies applied to the tag. |
| Item Name | Description |
|---|---|
| Page Top | |
| Add Tag | Open the Add Tag page. |
| Export to CSV | Start downloading of a list of tags in CSV format. |
| Tag List | |
| Delete Selected | Delete all the checked tags. |
| Edit | Open the Update Tag page for the selected tag. |
| Delete | Delete the tag. |
NoteRefer to Appendix/CSV File for CSV Files.
Add Tag
This page lets you add a new tag.
| Item Name | Description |
|---|---|
| Tag (Mandatory) | This is the tag name to be registered with AMF Security. Tag must be unique. The tag should be the same as the "Tag" set in the "Device ID" registered on the Device > Device List page. A tag can be up to 16 characters long, and can contain alphanumeric characters (excluding semicolons (;)), symbols, and Japanese characters. |
| Note | Arbitrary string (comment) for the tag. Max 255 characters. |
| Item Name | Description |
|---|---|
| Policies | List of security policies which are being applied to the tag. |
| Priority | A priority value of the security policy. |
| Network | This is the Network ID that connects the device registered in "Device ID" on the Device > Device List page that has the same tag as the tag registered here. |
| Location | ID (Name) of the location. |
| Schedule | A Schedule ID. |
| Item Name | Description |
|---|---|
| Policies | |
| Add | Open the Edit Policy dialog to register new security policy for the tag. |
| Edit | Open the Edit Policy dialog to edit the selected security policy. |
| Delete | Mark to delete the security policy attached to the device. The security policy to be deleted is indicated with the DEL mark on the left side of its record line. |
| Revert | Clear the DEL mark on the security policy. |
| Page Bottom | |
| Submit | Add a new tag with the input data. |
| Cancel | Cancel the operation for adding a new tag. |
NoteSecurity policies marked with DEL is deleted when the "Submit" button is clicked. Once you click the "Submit" button, you cannot undo the delete operations.
Edit Policy
This dialog lets you add a new security policy to the device or update an existing security policy attached to the tag.
| Item Name | Description |
|---|---|
| Priority (Mandatory) | A priority value of the security policy. It must be an integer in the range of 0 to 255. When multiple security policies are set, the device registered in "Device ID" is connected to OpenFlow Switches or AMF Members (Edge Node), or the TQ's AMF Application Proxy, it is determined whether the security policy with the lowest priority value matches in order. |
| Network | ID of the network which AMF Security assigns the device to. Maximum 100 IDs of the existing networks are shown in the dropdown list. If you enter text in the field, Network IDs in the dropdown list are dynamically filtered to the ones which contain the input text in Network ID, VLAN ID or Note (it shows maximum 100 elements). From the dropdown list, select a Network ID. If the registered device is connected to the OpenFlow Switch, AMF Member (Edge Node), or TQ's AMF Application Proxy, it is connected to the VLAN subnet configured in the network. If the network is not registered in the device (if this setting is blank or the VLAN ID is set to 0 in the network security policy setting), the OpenFlow Switch uses untagged VLAN (subnet without VLAN) and AMF Member Is connected to the VLAN set for the AMF Member. The connection to the VLAN subnet is realized by sending as a tagged VLAN with the set VLAN ID when it is sent to the upper network of the connected OpenFlow Switches and AMF Members. You have to add the network before assigning a device to the network. Refer to Policy Settings > Add Network for the instruction on how to register a network. Also, if the registered device is connected to the TQ's AMF Application Proxy, it depends on the TQ settings. Refer to Quick Tour/What is AMF Security > TQ's AMF Application Proxy/Behavior when using TQ dynamic VLAN. |
| Location | Specify a location categorized in the tag. Maximum 100 IDs of the existing locations are shown in the dropdown list. If you enter text in the field, location IDs in the dropdown list are dynamically filtered to the ones which contain the input text in Location ID or Note (it shows maximum 100 elements). From the dropdown list, select a Location ID. If you specify Location, the UnAuth Group can access the network only from OpenFlow Switches and AMF Members in the location. If you do not specify Location, the UnAuth group can access the network from all OpenFlow Switches and AMF Members. You have to add the location before specifying it for a tag. Refer to Policy Settings > Add Location for the instructions on how to add locations. |
| Schedule | Specify a schedule categorized in the tag. Maximum 100 IDs of the existing schedules are shown in the dropdown list. If you enter text in the field, Schedule IDs in the dropdown list are dynamically filtered to the ones which contain the input text in Schedule ID or Note (it shows maximum 100 elements). From the dropdown list, select a Schedule ID. If you specify a Schedule, the group can access the network only when the schedule is effective. If you do not specify a schedule, a device can always access the network. You have to add the schedule before specifying it for a tag. Refer to Policy Settings > Add Schedule for the instruction on how to register a schedule. |
NoteIf OpenFlow Switch has access to untagged VLAN (subnet without VLAN) and AMF Member to the VLAN set as AMF Member, depending on the switch setting, the device may be able to connect to the equipment on the control plane.
NoteTQ's AMF Application Proxy does not support location and schedule items.
| Item Name | Description |
|---|---|
| Bottom of the dialog | |
| Submit | Add or update the security policy information. |
| Cancel | Cancel the operation for adding or updating policy. |
Update Tag
This page lets you update the information of an existing tag.
| Item Name | Description |
|---|---|
| Tag (Mandatory) | This is the tag name to be registered with AMF Security. Tag must be unique. The tag should be the same as the "Tag" set in the "Device ID" registered on the Device > Device List page. A tag can be up to 16 characters long, and can contain alphanumeric characters (excluding semicolons (;)), symbols, and Japanese characters. |
| Note | Arbitrary string (comment) for the tag. Max 255 characters. |
| Item Name | Description |
|---|---|
| Policies | List of security policies which are being applied to the tag. |
| Priority | A priority value of the security policy. |
| Network | This is the Network ID that connects the device registered in "Device ID" on the Device > Device List page that has the same tag as the tag registered here. |
| Location | ID (Name) of the location. |
| Schedule | A Schedule ID. |
| Item Name | Description |
|---|---|
| Policies | |
| Add | Open the Edit Policy dialog to register new security policy for the tag. |
| Edit | Open the Edit Policy dialog to edit the selected security policy. |
| Delete | Mark to delete the security policy attached to the device. The security policy to be deleted is indicated with the DEL mark on the left side of its record line. |
| Revert | Clear the DEL mark on the security policy. |
| Page Bottom | |
| Submit | Update the tag with the input information. |
| Cancel | Cancel the operation for updating the tag. |
NoteSecurity policies marked with DEL is deleted when the "Submit" button is clicked. Once you click the "Submit" button, you cannot undo the delete operations.
Edit Policy
This dialog lets you add a new security policy to the device or update an existing security policy attached to the tag.
| Item Name | Description |
|---|---|
| Priority (Mandatory) | A priority value of the security policy. It must be an integer in the range of 0 to 255. When multiple security policies are set, the device registered in "Device ID" is connected to OpenFlow Switches or AMF Members (Edge Node), or the TQ's AMF Application Proxy, it is determined whether the security policy with the lowest priority value matches in order. |
| Network | ID of the network which AMF Security assigns the device to. Maximum 100 IDs of the existing networks are shown in the dropdown list. If you enter text in the field, Network IDs in the dropdown list are dynamically filtered to the ones which contain the input text in Network ID, VLAN ID or Note (it shows maximum 100 elements). From the dropdown list, select a Network ID. If the registered device is connected to the OpenFlow Switch, AMF Member (Edge Node), or TQ's AMF Application Proxy, it is connected to the VLAN subnet configured in the network. If the network is not registered in the device (if this setting is blank or the VLAN ID is set to 0 in the network security policy setting), the OpenFlow Switch uses untagged VLAN (subnet without VLAN) and AMF Member Is connected to the VLAN set for the AMF Member. The connection to the VLAN subnet is realized by sending as a tagged VLAN with the set VLAN ID when it is sent to the upper network of the connected OpenFlow Switches and AMF Members. You have to add the network before assigning a device to the network. Refer to Policy Settings > Add Network for the instruction on how to register a network. Also, if the registered device is connected to the TQ's AMF Application Proxy, it depends on the TQ settings. Refer to Quick Tour/What is AMF Security > TQ's AMF Application Proxy/Behavior when using TQ dynamic VLAN. |
| Location | Specify a location categorized in the tag. Maximum 100 IDs of the existing locations are shown in the dropdown list. If you enter text in the field, location IDs in the dropdown list are dynamically filtered to the ones which contain the input text in Location ID or Note (it shows maximum 100 elements). From the dropdown list, select a Location ID. If you specify Location, the UnAuth Group can access the network only from OpenFlow Switches and AMF Members in the location. If you do not specify Location, the UnAuth group can access the network from all OpenFlow Switches and AMF Members. You have to add the location before specifying it for a tag. Refer to Policy Settings > Add Location for the instructions on how to add locations. |
| Schedule | Specify a schedule categorized in the tag. Maximum 100 IDs of the existing schedules are shown in the dropdown list. If you enter text in the field, Schedule IDs in the dropdown list are dynamically filtered to the ones which contain the input text in Schedule ID or Note (it shows maximum 100 elements). From the dropdown list, select a Schedule ID. If you specify a Schedule, the group can access the network only when the schedule is effective. If you do not specify a schedule, a device can always access the network. You have to add the schedule before specifying it for a tag. Refer to Policy Settings > Add Schedule for the instruction on how to register a schedule. |
NoteIf OpenFlow Switch has access to untagged VLAN (subnet without VLAN) and AMF Member to the VLAN set as AMF Member, depending on the switch setting, the device may be able to connect to the equipment on the control plane.
NoteTQ's AMF Application Proxy does not support location and schedule items.
| Item Name | Description |
|---|---|
| Bottom of the dialog | |
| Submit | Add or update the security policy information. |
| Cancel | Cancel the operation for adding or updating policy. |
19 Apr 2023 14:12