Configuring Access Guardian Policies Configuring Access Guardian
page 34-22 OmniSwitch AOS Release 6 Network Configuration Guide September 2009
-> vlan port mobile 3/1
-> vlan port 3/1 802.1x enable
The vlan port 802.1x command enables 802.1X on port 1 of slot 3. The port will be set up with defaults
listed in “802.1X Defaults” on page 37-2 of the Chapter 37, “Configuring 802.1X.”
To disable 802.1X on a port, use the disable option with vlan port 802.1x command. For more informa-
tion about vlan port commands, See Chapter 6, “Assigning Ports to VLANs.”
Configuring 802.1X Port Parameters
By default, when 802.1X is enabled on a port, the port is configured for bidirectional control, automatic
authorization, and re-authentication. In addition, there are several timeout values that are set by default as
well as a maximum number of times the switch will retransmit an authentication request to the user.
If it is necessary to change the default values of these parameters, see Chapter 37, “Configuring 802.1X.”
for information about how to configure 802.1X port parameters.
Configuring Access Guardian Policies
The Access Guardian provides functionality that allows the configuration of 802.1x device classification
policies for supplicants (802.1x clients) and non-supplicants (non-802.1x clients). See “Device Classifica-
tion Policy Types” on page 34-14 for more information.
Configuring device classification policies is only supported on mobile, 802.1x-enabled ports. In addition,
the port control status for the port must allow auto authorization (the default). See the “Configuring the
Port Authorization” on page 37-9 section in Chapter 37, “Configuring 802.1X,”for specific information
about how to enable 802.1x functionality on a port.
As described in “Device Classification Policy Types” on page 34-14, there are several types of policy
options that when combined together create either a supplicant or non-supplicant policy. Consider the
following when configuring policies:
• A single policy option can only appear once for a pass condition and once for a failed condition in a
single policy.
• Up to three VLAN ID policy options are allowed within the same policy, as long as the ID number is
different for each instance specified (e.g., VLAN 20 VLAN 30 VLAN 40).
• A policy must terminate. The last policy option must result in either blocking the device, assigning the
device to the default VLAN, or invoking Captive Portal for web-based authentication. If a final policy
option is not specified, the block option is used by default.
• The order in which policy options are configured determines the order in which they are applied to the
device.
• Configuring a policy to apply a User Network Profile (UNP) requires the name of an existing profile.
In addition, certain profile attributes may also require additional configuration. See “Configuring User
Network Profiles” on page 34-40 for more information.
To Next Page
Loading...
