Alcatel-Lucent OmniSwitch 6850-48 - Chapter 34 Configuring Access Guardian; In this Chapter

To Next Page

To Previous Page

OmniSwitch AOS Release 6 Network Configuration Guide September 2009 page 34-1

34 Configuring Access

Guardian

Access Guardian refers to the following collection of Alcatel-Lucent security functions that work together

to provide a dynamic, proactive network security solution:

• Authentication and Classification—Access control is configured on 802.1X-enabled ports using

device classification policies. A policy can specify the use of one or more types of authentication meth-

ods (802.1X, MAC-based, or Web-based Captive Portal) for the same port. For each type of authentica-

tion, the policy also specifies the classification method (RADIUS, Group Mobility, default VLAN,

User Network Profile, or block device access).

• Host Integrity Check (HIC)—An integrated solution for device integrity verification. This solution

consists of the InfoExpress CyberGatekeeper server, a permanent or web-based downloadable agent to

verify host compliance, and User Network Profiles (UNP). HIC is triggered when a UNP is applied to a

device and HIC is enabled for the UNP.

• User Network Profiles (UNP)—One of the configurable options of a device classification policy is to

classify a device with a UNP. When the policy applies the UNP to one or more devices, the UNP deter-

mines the VLAN assignment for the device, whether or not HIC is required for the device, and if any

QoS access control list (ACL) policies are applied to the device.

In This Chapter

This chapter provides an overview of Access Guardian security features and describes how to configure

these features through the Command Line Interface (CLI). CLI commands are used in the configuration

examples; for more details about the syntax of commands, see the OmniSwitch CLI Reference Guide.

The following information and procedures are included in this chapter:

• “Quick Steps for Configuring Access Guardian” on page 34-5

• “Access Guardian Overview” on page 34-12.

• “Interaction With Other Features” on page 34-19.

• “Setting Up Port-Based Network Access Control” on page 34-21.

• “Configuring Access Guardian Policies” on page 34-22.

• “Configuring Captive Portal Authentication” on page 34-32.

• “Configuring Host Integrity Check” on page 34-39.

• “Configuring User Network Profiles” on page 34-40.

• “Verifying Access Guardian Users” on page 34-42.

Other manuals for Alcatel-Lucent OmniSwitch 6850-48