Configuring Access Guardian Configuring Port-Based Network Access Control
OmniSwitch AOS Release 8 Network Configuration Guide December 2017 page 28-38
Redirect http proxy-port = 8080
Redirect Server IP = 10.1.1.1
Allowed IP = -
Configuring UNP Port-Based Functionality
Access Guardian provides network access and QoS on a per-user basis through the framework of the
Universal Network Profile (UNP) feature. UNP functionality is enabled and applied on switch ports or
link aggregates. Devices connected to a UNP-enabled port or link aggregate are subject to authentication
and classification as determined by the UNP port and switch configuration.
By default, UNP functionality is disabled on all switch ports and link aggregates. There are two UNP port
types supported: bridge and access. To enable UNP functionality and specify a port type, use the unp
port-type command. For example:
-> unp port 1/1/12 port-type bridge
-> unp linkagg 5 port-type bridge
-> unp port 1/1/13 port-type access
-> unp linkagg 6 port-type access
To remove the UNP configuration from a port or link aggregate, use the no unp port or no unp linkagg
command. For example:
-> no unp port 1/1/3
-> no unp linkagg 10
To change the port type of an existing UNP port, first remove the current UNP configuration using the
no unp port or no unp linkagg command, then use the unp port-type command to set the new port type.
For example:
-> no unp port 1/12
-> unp port 1/12 port-type access
-> no unp linkagg 5
-> unp linkagg 5 port-type access
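The remove-then-set rule above, as an added example that is not part of the original guide: a Python planner that reads existing UNP enable lines and emits the commands needed to reach a desired set of port types. It assumes the existing configuration is available as lines in the command form shown on this page; the names parse_current, plan_changes and SAMPLE_CONFIG are hypothetical, and the sample input is constructed.

```python
import re

# Assumption: existing state is given as lines in the form shown on this page,
# e.g. "unp port 1/1/12 port-type bridge"; an optional "-> " prompt is tolerated.
_LINE = re.compile(r"^(?:->\s*)?unp (port|linkagg) (\S+) port-type (bridge|access)$")


def parse_current(config_text):
    """Return {(kind, ident): port_type} for every UNP enable line found."""
    current = {}
    for raw in config_text.splitlines():
        m = _LINE.match(raw.strip())
        if m:
            kind, ident, ptype = m.groups()
            current[(kind, ident)] = ptype
    return current


def plan_changes(config_text, desired):
    """desired maps (kind, ident) to "bridge", "access" or None (UNP removed)."""
    current = parse_current(config_text)
    commands = []
    for (kind, ident), want in sorted(desired.items()):
        if want not in ("bridge", "access", None):
            raise ValueError(f"unsupported UNP port type: {want!r}")
        have = current.get((kind, ident))
        if have == want:
            continue  # already in the requested state, nothing to send
        if have is not None:
            # An existing UNP port is removed before a new type is set.
            commands.append(f"no unp {kind} {ident}")
        if want is not None:
            commands.append(f"unp {kind} {ident} port-type {want}")
    return commands


# Constructed sample input, modelled on the command forms on this page.
SAMPLE_CONFIG = """\
unp port 1/1/12 port-type bridge
unp linkagg 5 port-type bridge
unp port 1/1/13 port-type access
"""

if __name__ == "__main__":
    wanted = {("port", "1/1/12"): "access", ("linkagg", "5"): "access",
              ("port", "1/1/13"): "access", ("port", "1/1/14"): "bridge"}
    print("\n".join(plan_changes(SAMPLE_CONFIG, wanted)))
```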
Configuring UNP Port Parameters
The UNP port parameter values listed in “Access Guardian UNP Port Defaults” on page 28-5 are applied
when UNP functionality is enabled on a port or link aggregate. To change the default UNP port parameter
values, use the commands listed in the following table:
Note. When device authentication fails due to an unreachable RADIUS server, an event message is sent to
the switch logging utility (swlog). See Chapter 51, “Switch Logging Commands,” for more information.
Command                                   Description
unp redirect port-bounce                  Configures the redirect port bounce status for the port.
                                          When enabled, a port bounce is triggered upon receipt of
                                          Change of Authorization (CoA) or Disconnect request (DM)
                                          messages. This command applies only to UNP bridge ports.
unp 802.1x-authentication                 Configures the status of 802.1X authentication for the
                                          UNP port.
unp 802.1x-authentication pass-alternate  Assigns the name of an existing UNP as an alternate
                                          profile. If successful 802.1X authentication does not
                                          return a UNP, the device can be classified into this
                                          alternate profile.