7 configuring access conditions, Configuring access conditions – H3C Technologies H3C Intelligent Management Center User Manual

103

7 Configuring access conditions

Access conditions are important in BYOD, including time, location, endpoint device, network type, and

other elements to meet for network access.
BYOD also uses the following concepts:

•

Access policy—Defines a set of control methods for endpoint users. For more information, see

"

Configuring access policies

."

•

Access scenario—Defines the access policy to take effect on a specific access condition.

To implement BYOD, the following workflow applies:

1.

In UAM, the operator defines access conditions and access policies.

2.

In UAM, the operator defines one or more access scenarios for a specific service, and maps
access conditions to access policies in each access scenario.

3.

When an endpoint user attempts to access the network by using the service, UAM identifies the
access conditions for the endpoint user and applies the correct access policy to the endpoint user.

UAM identifies endpoint users based on a set of access conditions, as shown in

Table 13

.

Table 13 Access conditions

Access condition

Description

Access period policy

Different access conditions apply if the time periods at which the endpoint users
access the network match two or more access period policies. For more information,

see "

Configuring access period policies

."

Access device group

Different access conditions apply if the access devices to which the endpoint users
connect are located in two or more access device groups. For more information, see

"

Configuring access device groups

."

SSID group

Different access conditions apply if the SSIDs to which the wireless users connect are
located in two or more SSID groups. For more information, see "

Configuring SSID

groups

."

Endpoint IP group

Different access conditions apply if the endpoints' IP addresses are located in two or
more endpoint IP groups. For more information, see "

Configuring endpoint IP

groups

."

Endpoint MAC group

Different access conditions apply if the endpoints' MAC addresses are located in
two or more endpoint MAC groups. For more information, see "

Configuring

endpoint MAC groups

."

Endpoint vendor group

Different access conditions apply if the endpoint vendors (for example, HP and
Apple) are located in two or more endpoint vendor groups. For more information,

see "

Configuring endpoint vendor groups

."

Endpoint type group

Different access conditions apply if the endpoint types (for example, PC, mobile,
and iPhone) are located in two or more endpoint type groups. For more information,
see "

Configuring endpoint type groups

."

Endpoint OS group

Different access conditions apply if the endpoint operating systems (for example,

Windows, iOS/OS X, and Android) are located in two or more endpoint OS
groups. For more information, see "

Configuring endpoint OS groups

."