Configuring Access Guardian Configuring Port-Based Network Access Control
OmniSwitch AOS Release 8 Network Configuration Guide December 2017 page 28-51
Configuring UNP Profiles
A Universal Network Profile (UNP) is assigned to a host device through one of the following Access
Guardian methods:
1 The device authentication process via a remote RADIUS-capable server, a Unified Policy Access
Manager (UPAM) server, or a ClearPass Policy Manager (CPPM) server.
2 Application of profile classification rules, when authentication is not available or fails.
3 The default UNP profile defined in the UNP port configuration, which applies to traffic that was not
assigned to a profile through other Access Guardian methods.
To create a UNP profile, use the unp profile command. For example:
-> unp profile guest
-> unp profile employee
After a profile is created, configure the profile mapping to determine if a device is forwarded on the
Access Guardian VLAN or service domain. Device traffic received on UNP bridge ports is eligible for
assignment to VLAN-mapped profiles; device traffic received on UNP access ports is eligible for
assignment to service-mapped profiles. For example, the following commands map a VLAN to the
“guest” profile and map a service to the “employee” profile:
-> unp profile guest map vlan 200
-> unp profile employee map service-type spb tag-value 10 isid 1500 bvlan 500
Until a UNP profile is created and the VLAN or service mapping is configured, the profile is not available
for Access Guardian assignment of devices connected to UNP ports. See “Configuring the UNP Profile
Mapping” on page 28-54 for more information.
Configuring UNP Profile Attributes
When a profile is created with no other optional parameter values, the UNP profile attribute values listed
in “Access Guardian Profile Defaults” on page 28-3 are applied to the new profile. To change the default
UNP profile attribute values, use the commands listed in the following table:
Command                             Description

unp profile qos-policy-list         Assigns a QoS policy list to a profile. If there is no list
                                    assigned to a profile, users classified into that profile are
                                    granted full access within the profile VLAN or service domain.
                                    See “Configuring QoS Policy Lists” on page 28-61.

unp profile location-policy         Assigns the name of a location-based policy to the profile.
                                    This type of policy defines criteria (such as the slot/port,
                                    system name, and location) to determine if a device is
                                    accessing the network from a valid location.

unp profile period-policy           Assigns the name of a time-based policy to the profile. This
                                    type of policy specifies the days and times during which a
                                    device can access the network.

unp profile captive-portal-profile  Assigns the name of a Captive Portal profile that applies a
                                    specific Captive Portal configuration to devices assigned to
                                    the UNP profile. This type of profile is applied when Captive
                                    Portal is enabled for the UNP profile and overrides the global
                                    Captive Portal configuration.
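The following Python script is an added example, not part of the original guide. It parses configuration lines in the form shown above and flags profiles that have no VLAN or service mapping (not available for Access Guardian assignment) or that are mapped without a QoS policy list (full access within the profile VLAN or service domain). The sample configuration is constructed, and the attribute-line form "unp profile <name> qos-policy-list <list>" is an assumption modeled on the map commands above.

```python
import re

# Constructed sample configuration. The attribute-line form
# "unp profile <name> qos-policy-list <list>" is an assumption modeled
# on the "unp profile <name> map vlan ..." form shown in the guide.
SAMPLE_CONFIG = """\
unp profile guest
unp profile guest map vlan 200
unp profile guest qos-policy-list guest-restrict
unp profile employee
unp profile employee map service-type spb tag-value 10 isid 1500 bvlan 500
unp profile contractor
unp profile printer map vlan 300
"""

# Accept lines with or without the "-> " CLI prompt.
LINE_RE = re.compile(r"^(?:->\s*)?unp profile (\S+)(?:\s+(.*))?$")
ATTRS = ("qos-policy-list", "location-policy", "period-policy",
         "captive-portal-profile")
NO_MAPPING = "no VLAN/service mapping: not available for assignment"
NO_QOS = "no QoS policy list: full access within VLAN/service domain"


def parse_profiles(config_text):
    """Return {profile_name: {"mapping": str or None, attribute: value}}."""
    profiles = {}
    for raw in config_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # not a UNP profile line
        name, rest = m.group(1), (m.group(2) or "").split()
        entry = profiles.setdefault(name, {"mapping": None})
        if len(rest) > 1 and rest[0] == "map":
            entry["mapping"] = " ".join(rest[1:])
        elif len(rest) > 1 and rest[0] in ATTRS:
            entry[rest[0]] = rest[1]
    return profiles


def audit(config_text):
    """Return sorted (profile, finding) tuples that need review."""
    findings = []
    for name, attrs in parse_profiles(config_text).items():
        if attrs["mapping"] is None:
            findings.append((name, NO_MAPPING))
        elif "qos-policy-list" not in attrs:
            findings.append((name, NO_QOS))
    return sorted(findings)
```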