Configuring Access Guardian Interaction With Other Features
OmniSwitch AOS Release 8 Network Configuration Guide December 2017 page 28-26
Interaction With Other Features
This section contains important information about how other OmniSwitch features interact with Access
Guardian. Refer to the specific chapter for each feature to get more detailed information about how to
configure and use the feature.
Authentication, Authorization, and Accounting (AAA)
The AAA configuration for the switch determines the following for Access Guardian functionality:
• Which RADIUS servers, Unified Policy Access Manager (UPAM) server, or the ClearPass Policy
Manager (CPPM) server to use for Access Guardian authentication and accounting sessions.
• Authentication parameter values, such as the session timeout, inactivity timeout, interim accounting
update interval, and 802.1X re-authentication interval for authentication and accounting sessions.
• AAA profiles to define a custom, pre-defined AAA configuration that can be applied to a specific set
of UNP ports or through a Captive Portal profile.
Bring Your Own Devices (BYOD)
Access Guardian can interact with the Unified Policy Access Manager (UPAM) or the ClearPass Policy
Manager (CPPM) to provide support for the OmniSwitch BYOD unified access solution.
• Configurable switch parameters redirect traffic to the CPPM or UPAM server.
• Configurable UNP profile parameters allow devices assigned to the profile to honor CoA and DM
messages from the UPAM or CPPM.
• A port bounce operation is configurable on UNP ports to trigger re-authentication of non-supplicants
upon receipt of CoA and DM messages.
• A global pause timer is available to determine the amount of time the switch filters traffic from non-
supplicant (non-802.1X) devices on all UNP ports. This is done to clear the context of the user and is
triggered upon receipt of a CoA message that requires a VLAN change for the device.
• Access Guardian interacts with either UPAM or CPPM for a given instance, but not both at the same
time.
For more information about the OmniSwitch BYOD solution, see “Bring Your Own Devices (BYOD)
Overview” on page 28-115.
Learned Port Security
UNP and Learned Port Security (LPS) are supported on the same port with the following conditions:
• LPS is not supported on link aggregates.
• The LPS learning window is not set on a per-port basis, which means that the window applies globally
across all UNP ports on which LPS is enabled.
• When LPS is enabled or disabled on a UNP bridge port (LPS is not supported on UNP access ports),
MAC addresses already learned on that port are flushed.
To Next Page
Loading...
Need help?
General
