Configuring Access Guardian Access Guardian Overview
OmniSwitch AOS Release 8 Network Configuration Guide December 2017 page 28-12
Access Guardian Overview
Access Guardian is a combination of authentication, device compliance, and access control functions that
provide a proactive solution for network security. Implemented through the switch hardware and software,
Access Guardian helps administrators:
• Determine who is on the network.
• Check if end users are compliant.
• Direct what end users can access within the network.
As shown in the following diagram, the Access Guardian features work together to provide a dynamic,
integrated security framework:
1 Authentication—Device authentication is attempted through OmniSwitch interaction with a RADIUS
server, a Unified Policy Access Manager (UPAM) server, or a ClearPass Policy Manager (CPPM) server.
If device authentication fails to return a profile assignment for a device, then device classification is
attempted. See “Device Authentication” on page 28-13 for more information.
2 Classification—Device classification into a profile is attempted through the local OmniSwitch
configuration or through interaction with a UPAM or CPPM server. See “Device Classification” on
page 28-14 for more information.
2. Classification
1. Authentication
802.1X, MAC, Captive Portal
(RADIUS server, BYOD ClearPass)
UNP profile rules, UNP port
default profiles, BYOD ClearPass
UNP profiles, QoS policy lists,
Captive Portal, BYOD ClearPass
3. Restrict or
Restricted roles, Re-authentication,
Quarantine, Remediation, filter MAC
3. Role-Based
Access
Block Access
To Next Page
Loading...
Need help?
General
