Configuring Access Guardian Interaction With Other Features
OmniSwitch AOS Release 8 Network Configuration Guide December 2017 page 28-29
• MAC-based and 802.1X-based authentication using a RADIUS-capable server.
• Redirection for Captive Portal authentication.
• Redirection to the Unified Policy Access Manager (UPAM) or the ClearPass Policy Manager (CPPM)
for Bring Your Own Devices (BYOD) user device registration, integrity check, UNP assignment, and
policy list assignment.
• Switch-wide classification rules to classify users based on port and device attributes (for example,
source MAC, Group ID, IP address). No authentication required.
• VLAN tag classification to create VLAN port or Service Access Point (SAP) associations based on the
VLAN ID contained in device packets.
• Default UNP classification for traffic not classified through other methods.
Basically, UNP functionality is used to define profile-based VLANs or services to which network devices
are assigned. The profile can allow, deny, or require actions by users or machines on the network. Because
membership to a VLAN or service is based on UNP profile criteria, devices assigned to the VLAN or
service are not tied to a specific port or switch. This flexibility allows device mobility within the network
while maintaining network security.
Virtual Network Profiles
A Virtual Network Profile (vNP) refers to a UNP that is configured for machine classification, in
particular virtual machines. This type of UNP will classify virtual machines in the same manner as any
other device connected to a UNP port.
Once a virtual machine is assigned to a vNP, the VM traffic is bound to the VLAN or service as defined
by the profile. In addition, any QoS policies associated with the profile are also applied to the VM traffic.
See “Device Authentication” on page 28-13 for more information.
For more information about virtual machine classification, see the “Virtual Machine Classification”
chapter in the OmniSwitch AOS Release 8 Data Center Switching Guide.
UNP Port Interaction with Other Features
The following tables provides a summary list of switch features and whether or not each feature is
supported on UNP-enabled ports:
Feature UNP Port
802.1q Not supported.
Supported on untagged ports.
Application Fingerprinting (AFP)
UNP mode
Supported (UNP is applied first then AFP if the
UNP applies a QoS policy list rule that specifies
an AFP group name).
Application Monitoring and
Enforcement (AppMon)
Edge Virtual Bridging (EVB) Not supported.
Ethernet OAM port Not supported.
Ethernet Ring Protection (ERP) Not supported.
Ethernet Services (VLAN Stacking) Not supported.
To Next Page
Loading...
