Configuring Access Guardian Access Guardian Overview
OmniSwitch AOS Release 8 Network Configuration Guide December 2017 page 28-18
• The STP status is configurable and is enabled by default for dynamic VLANs. This STP instance is
included in the maximum number of 1x1 STP instances allowed when the switch is running in the 1x1
STP mode.
However, UNP dynamic VLANs differ from standard VLANs as follows:
• A dynamic VLAN cannot be deleted using standard VLAN commands. The VLAN is only removed
when the UNP to which the VLAN is mapped is deleted.
• UNP dynamic VLANs are identified as a separate type of VLAN. The vlan show commands will
display this type with the default name of “UNP-DYN-VLAN” and the designated type as “UNP
Dynamic Vlan”.
• Dynamic VLANs are not saved in the “! VLAN:” section of the switch configuration file (boot.cfg).
However, the unp commands to enable dynamic VLAN configuration and create the UNP are saved in
the “! DA-UNP:” section of the boot.cfg file. As a result, the VLAN is created again on the next switch
bootup.
For more information, see “Enabling Dynamic VLAN Configuration” on page 28-55.
UNP Profile Attributes
In addition to profile mapping, there are configurable UNP profile attributes that are applied to device
traffic once the device is moved into the profile. These attributes determine the following:
• If a list of QoS policy rules is applied to the traffic.
• If a location or time period policy restricts access to a specific location or during a specific date and
time.
• Whether device traffic is redirected for internal Captive Portal authentication (the OmniSwitch serves
up the login page to the user).
• Whether devices that did not pass authentication are allowed into the profile.
• Whether the UNP port to which a device is connected is tagged with the VLAN mapped to the profile
when the first device is classified into that profile.
• Whether profile devices are redirected to a Unified Policy Access Manager (UPAM) server or a
ClearPass Policy Manager (CPPM) server for Bring Your Own Devices (BYOD) authentication and
classification.
• The bandwidth parameter values that are used to rate limit traffic on profile ports.
• The amount of time an authenticated user device remains logged into the network after the source
MAC address for the device has aged out.
For more information about configuring a UNP, see “Configuring UNP Profiles” on page 28-51.
Dynamic VLAN Profiles
UNP functionality provides the ability to dynamically create VLAN profiles based on very specific traffic
conditions. A UNP profile is dynamically created when the trust VLAN tag option is enabled on the UNP
port or link aggregate and one of the following conditions occurs:
• A tagged packet received on the UNP port contains a VLAN tag that matches an existing MVRP
VLAN in the switch configuration that is not assigned to a profile.
• There is no matching VLAN in the switch configuration.
To Next Page
Loading...
