Configuring Access Guardian Quick Steps for Configuring Access Guardian
OmniSwitch AOS Release 6 Network Configuration Guide September 2009 page 34-7
To display the number of non-802.1x users learned on the switch, use the show 802.1x non-supplicant
command:
-> show 802.1x non-supplicant
Slot MAC Authentication Classification Vlan
Port Address Status Policy Learned
-----+-----------------+----------------+--------------+--------
03/3 00:61:22:15:22:33 Failed Vlan ID 1001
03/3 00:61:22:44:75:66 Authenticated MAC Authent 14
03/11 00:00:39:47:4f:0c Failed Vlan ID 1001
03/11 00:00:39:c9:5a:0c Authenticated Group Mobility 12
03/11 00:b0:d0:52:47:35 Authenticated Group Mobility 12
03/11 00:c0:4f:0e:70:68 Authenticated MAC Authent 14
See the OmniSwitch CLI Reference Guide for information about the fields in this display.
Quick Steps for Configuring User Network Profiles
A User Network Profile (UNP) is a configurable option for Access Guardian device classification poli-
cies. The following quick steps provide a brief tutorial on how to create a UNP and configure a device
classification policy to use the UNP to classify a device:
1 To create a User Network Profile, use the aaa user-network-profile command.
-> aaa user-network-profile name guest_user vlan 500
2 To enable the Host Integrity Check option for a UNP, use the aaa user-network-profile command
with the hic enable parameter.
-> aaa user-network-profile name guest_user vlan 500 hic enable
3 To assign a list of QoS policies to a UNP, use the aaa user-network-profile command with the
policy-list-name parameter. Note that the policy list specified must already exist in the switch configura-
tion (see “Quick Step for Configuring QoS Policy Lists” on page 34-9).
-> aaa user-network-profile name guest_user vlan 500 policy-list name temp_rules
4 To configure an Access Guardian device classification policy to apply a user profile, use the 802.1x
supplicant policy authentication, 802.1x non-supplicant policy authentication, 802.1x captive-portal
policy authentication, or 802.1x non-supplicant policy command with the user-network-profile param-
eter. For example:
-> 802.1x 1/10 supplicant policy authentication user-network-profile guest_user
Note. Verify the UNP configuration using the show aaa user-network-profile command:
-> show aaa user-network-profile
Role Name Vlan HIC Policy List Name
--------------------------------+-----+----+----------------------------
guest-user 500 Yes temp_rules
accounting 20 No acct_rules
To verify the UNP configuration for a device classification policy, use the show 802.1x device classifica-
tion policies command:
To Next Page
Loading...
