Configuring Access Guardian Bring Your Own Devices (BYOD) Overview
OmniSwitch AOS Release 8 Network Configuration Guide December 2017 page 28-126
BYOD Authentication Process Overview
This section describes the basic BYOD process with respect to the OmniSwitch interaction with the
UPAM or ClearPass server.
Authentication for Registered Devices (802.1X)
The BYOD solution provides the following authentication process for registered devices (for example, IT-issued
employee devices):
1 When 802.1X authentication is enabled on a UNP port and the OmniSwitch detects a user device on
that port, the authentication process is triggered to classify the user.
2 The OmniSwitch sends a request to the UPAM or ClearPass server that authenticates the user based on
user credentials and the profiles and policies configured on the UPAM or ClearPass server.
3 UPAM or ClearPass classifies the user to a registered UNP and returns the UNP information to the
OmniSwitch.
4 The OmniSwitch assigns the user to the UNP obtained from the UPAM or ClearPass server.
Authentication for Network Devices (MAC Authentication)
The BYOD solution provides the following MAC authentication process for network devices such as IP
phones, printers, or access points:
1 When MAC authentication is enabled on a UNP port and the OmniSwitch detects a device on that port,
the MAC authentication process is triggered to classify the device.
2 The OmniSwitch sends a request to the UPAM or ClearPass server that authenticates the device based
on the device MAC address and the profiles and policies configured on the UPAM or ClearPass server.
3 UPAM or ClearPass classifies the device to a UNP and returns the UNP information to the
OmniSwitch.
4 The OmniSwitch assigns the device to the UNP obtained from the UPAM or ClearPass server.
Authentication for Guest Devices and Employee Onboarding
The BYOD solution provides the following authentication process for guest devices and employee
personal devices:
1 When MAC authentication is enabled on a UNP port and the OmniSwitch detects a device on that port,
the MAC authentication process is triggered to classify the device.
2 UPAM or ClearPass initially classifies the device into a temporary UNP and returns a redirection URL
that allows for guest registration or employee onboarding.
3 The OmniSwitch assigns the user to the temporary UNP name returned from UPAM or CPPM. Because
redirection is also set, all DHCP and DNS traffic is allowed, but HTTP traffic from the user is redirected
to the URL returned with the UNP.
4 The user is presented with a guest login page or an onboarding page to enter user credentials.
5 UPAM or ClearPass determines the appropriate role of the user after performing registration and sends
the final UNP to the OmniSwitch through a RADIUS CoA request or through a RADIUS Access-Accept
packet for onboarding.
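
The MAC authentication and guest/onboarding steps above, modeled as a small state machine (an added example, not OmniSwitch, UPAM or ClearPass code). The UNP names, MAC addresses, portal URL, the "no-session" result, rejecting a final UNP for a device with no session, and handing traffic other than DHCP, DNS and HTTP to the UNP's own policy are all assumptions of the model.

```python
from dataclasses import dataclass

PORTAL = "https://portal.example.test/guest"   # constructed redirection URL

@dataclass
class Reply:                                   # server answer: UNP name, optional URL
    unp: str
    redirect_url: str = ""

class PolicyServer:                            # stand-in for UPAM or ClearPass
    def __init__(self, known):
        self.known = dict(known)               # MAC -> UNP for known devices
    def mac_auth(self, mac):
        if mac in self.known:                  # network device: UNP returned directly
            return Reply(self.known[mac])
        return Reply("unp-temp", PORTAL)       # guest step 2: temporary UNP plus URL
    def register(self, mac, role_unp):
        self.known[mac] = role_unp             # guest step 5: role decided after registration
        return Reply(role_unp)

class UnpPort:                                 # switch side, MAC authentication enabled
    def __init__(self, server):
        self.server, self.devices = server, {} # devices: MAC -> Reply in force

    def detect(self, mac):                     # steps 1 and 3: classify and assign
        self.devices[mac] = self.server.mac_auth(mac)
        return self.devices[mac]

    def apply_final(self, mac, reply):         # step 5: CoA or Access-Accept
        if mac not in self.devices:            # model choice: ignore unknown sessions
            raise KeyError(f"no session for {mac}")
        self.devices[mac] = reply              # final UNP replaces temporary UNP

    def handle(self, mac, proto):
        state = self.devices.get(mac)
        if state is None:
            return "no-session"
        if state.redirect_url and proto in ("dhcp", "dns"):
            return "allow"                     # needed to reach the portal at all
        if state.redirect_url and proto == "http":
            return "redirect:" + state.redirect_url
        return "unp-policy:" + state.unp       # assumption: the UNP's policy decides

def guest_walkthrough(mac="02:00:00:00:00:01"):
    port = UnpPort(PolicyServer({}))
    port.detect(mac)
    before = [port.handle(mac, p) for p in ("dhcp", "dns", "http")]
    port.apply_final(mac, port.server.register(mac, "unp-guest"))
    return before, port.handle(mac, "http")
```

The model makes one review point visible: while a device sits in the temporary UNP, only DHCP, DNS and HTTP handling is defined by the flow, so what the temporary UNP permits for everything else is worth checking in the deployed policy.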