OmniSwitch AOS Release 8 Network Configuration Guide December 2017 page 28-1
28 Configuring Access
Guardian
Access Guardian refers to the following OmniSwitch security functions that work together to provide a
dynamic, proactive network security solution:
• Universal Network Profile (UNP)—Access Guardian is configured and applied through the
framework of the UNP feature. UNP is enabled on switch ports to activate Access Guardian
functionality that is used to authenticate and classify users into UNP profiles. Each profile is mapped to
a VLAN ID or Service Access Point (SAP) to which the user is dynamically assigned. Specific UNP
port configurations help to simplify and easily replicate the same configuration across multiple ports.
• Authentication, Authorization, and Accounting (AAA)—Provides the switch-based authentication
and accounting configuration that defines the RADIUS-capable servers to use for each type of Access
Guardian authentication (802.1X, MAC, and Captive Portal). AAA profiles define a specific AAA
configuration that can be applied at the port level (overrides the global AAA configuration).
• Bring Your Own Device (BYOD) - OmniSwitch / UPAM or ClearPass Integration: The
OmniSwitch leverages Access Guardian functionality along with the OmniVista Unified Policy Access
Manager (UPAM) or the ClearPass Policy Manager (CPPM) to provide the overall BYOD solution.
BYOD allows a wired guest, device, or authenticated user to connect to the network through an
OmniSwitch edge device using the UPAM or CPPM for unified authentication. UPAM and CPPM
provide the framework for device onboarding, guest registration, and authentication, as well as device
posture checking and profiling.
• Captive Portal—Internal and external Captive Portal Web-based authentication. Internal Captive
Portal authentication is provided through an internal Web server on the OmniSwitch that presents
default or customized Web pages to the user. A post-authentication and/or post-classification process to
validate user credentials and dynamically assign a new role (policy list) to enforce user access to the
network. External, guest Captive Portal authentication is provided through the OmniSwitch Access
Guardian interaction with the OmniVista Unified Policy Access Manager or the ClearPass Policy
Manager.
• Quarantine Manager and Remediation (QMR)—QMR is a switch-based application that restricts
the network access of known quarantined users and provides a remediation path to allow quarantined
users to regain their network access.
To Next Page
Loading...
