Overwrite Hierarchical Config on MD from MM

  • 1.  Overwrite Hierarchical Config on MD from MM

    Posted Apr 08, 2021 01:41 PM
    Hello All,
    I have a hopefully quick and easy question...  I have an MM setup with quite a few tiers configured
    • Company
      • Region 1
        • Site 1
          • MDs
        • Site 2
          • MDs
      • Region 2
        • Site 3
          • MDs
        • Site 4
          • MDs
      • Region 3
        • Site 5
          • MDs
        • Site 6
          • MDs
        • Site 7
          • MDs
        • Site 8
          • MDs

    I am building EAP-TLS authentication for my org and thus creating new user roles for each scenario to be as granular as possible.  All sites are identical except for Site 8.  So, I build my roles at the Company level, thus pushing my roles out to every controller.  The setting that needs to change at Site 8 is a single user-role ACL.  Naturally, I thought, push out to everything then overwrite at the Site 8 level as I would in our Airwave/iAP setup.  The issue here is, I cannot modify the roles because they were created at a higher level in the hierarchy.

    What options do I have to push this configuration to all sites in as bulk a fashion as possible while being able to overwrite for Site 8?
    1. Use Disaster Recovery and create a local config for that role at the Site 8 level
    2. Preserve the config and pull that single MD out of my /md/company chain so it is in its own "company" tier
    3. Configure per region, then when I get to Region 3, configure per site (least desired option)


    Tips and advice are much welcome!


    ------------------------------
    Ian Fritchy
    ------------------------------


  • 2.  RE: Overwrite Hierarchical Config on MD from MM

    Posted Apr 08, 2021 01:56 PM
    For Site 8, are you planning on failing over APs to any other sites? If the answer is no, just configure the user-role needed for Site 8 under the Site 8 folder.

    Unfortunately, certain settings can't be overwritten at a subfolder level. Push all global config from the global folder, and if there's certain specific config, you do it at the folder level.

    Hope this helps.

    ------------------------------
    Victor Fabian, ACEX#8
    Mobility Architect @ WEI
    ------------------------------



  • 3.  RE: Overwrite Hierarchical Config on MD from MM

    Posted Apr 08, 2021 03:29 PM
    Thanks, I figured that was the case.  No AP failover so I can create a new role.  Having a second role for Site 8 is what I'm doing today but with all the fun aspects of the EAP-TLS setup, I was hoping to use identical roles and clean up the flow a little bit.

    Appreciate the response!

    ------------------------------
    Ian Fritchy
    ------------------------------