Configuring Access Guardian Access Guardian Application Examples
OmniSwitch AOS Release 8 Network Configuration Guide December 2017 page 28-97
• The MAC addresses are learned in the assigned VLANs and the device port is now an untagged
member of the assigned VLANs.
UNP Port Template Example
In Application Example 1 (Classification), individual CLI commands are used in Steps 6 and 7 to
configure UNP port parameters. However, it is possible to create a UNP port template that defines port
configuration parameters and assigns these parameters to a template name.
1 Create a port template.
-> unp port-template classify-template
2 Configure the template to enable classification on the associated UNP port.
-> unp port-template classify-template classification
3 Configure the template to assign a default UNP profile to the UNP port.
-> unp port-template classify-template default-profile def_unp
4 Assign the template to the UNP port to apply the template configuration.
-> unp port 1/1/1 port-template classify-template
Using a port template to configure UNP ports helps to simplify and expedite the configuration process.
Templates allow the administrator to easily replicate a specific configuration across multiple UNP ports.
Application Example 2: 802.1X Authentication
In this example, network access control for Employee2 is provided through the Access Guardian 802.1X
authentication mechanism. Authentication is a function of the UNP feature and is enabled or disabled on
UNP ports. There are two types of authentication supported at the port (Layer 2) level: 802.1X and MAC
authentication.
This application example demonstrates the 802.1X authentication capability for a supplicant (802.1X)
device. The following steps provide a brief tutorial for how to configure this example:
1 Configure a server as a RADIUS server on the switch.
-> aaa radius-server alu-authserver host 10.242.254.101 hash-key secret
retransmit 3 timeout 2 auth-port 1812 acct-port 1813
2 Configure the switch to use “alu-authserver” (identified in Step 1) for 802.1X device authentication.
-> aaa device-authentication 802.1x alu-authserver
3 Configure the switch to use “alu-authserver” for RADIUS server accounting.
-> aaa accounting 802.1x alu-authserver
4 Create the required VLANs.
-> vlan 10 admin-state disable name vlan10-block
-> vlan 20 admin-state enable name vlan20-corporate
To Next Page
Loading...
Need help?
General
