Configuring Access Guardian Configuring Port-Based Network Access Control
OmniSwitch AOS Release 8 Network Configuration Guide December 2017 page 28-35
Use the show aaa radius config command to display RADIUS client attribute values and the MAC
address format. For example:
-> show aaa radius config
RADIUS client attributes:
NAS port id = default,
NAS identifier = default
MAC format delimiter:
Username = none, UserNameCase = uppercase,
Password = none, PasswordCase = uppercase,
calling station id = none, ClgStaIdCase = uppercase,
called station id = none, CldStaIdCase = uppercase
For more information about the commands described in this section, see the OmniSwitch AOS Release 8
CLI Reference Guide.
Using AAA Configuration Profiles
An AAA profile is a configuration entity that provides flexible assignment of switch-based authentication
parameters to specific UNP ports. When an AAA profile is assigned to a UNP port, the parameter values
defined in the profile are applied to the sessions on that port. The profile configuration overrides the global
AAA configuration for users authenticating on the assigned port.
Use an AAA profile to define and apply the following AAA configuration settings:
• The authentication server to use for 802.1X, MAC, and Captive Portal authentication.
• The accounting server to use for 802.1X, MAC, and Captive Portal authentication.
• Authentication session parameter values, such as the session timeout, inactivity timeout, interim
accounting interval, or 802.1X re-authentication interval.
• RADIUS attribute values for NAS-Port and NAS-Identifier attributes.
• MAC address format used when a MAC address is specified in the Calling-Station-ID and Called-
Station-ID attributes.
AAA profiles can be used to apply different sets of AAA configuration parameters to different sets of
ports. For example, different AAA profiles could be created to point to different RADIUS servers for each
authentication method. This would allow the switch to interact with a specific server on one set of ports
and interact with a different server on another set of ports.
In addition, an AAA profile can be assigned to a Captive Portal profile to define specific AAA
configuration options for Captive Portal authentication. A Captive Portal profile is assigned to a UNP
profile and applied when Captive Portal authentication is enabled for the profile.
Configuring AAA Profiles
Use the aaa profile command to create a profile name and configure parameter values for that profile. For
example:
-> aaa profile ap-1
-> aaa profile ap-1 device-authentication mac rad1 rad2
-> aaa profile ap-1 device-authentication 802.1x rad1 rad2
-> aaa profile ap-1 device-authentication captive-portal rad1 rad2
-> aaa profile ap-1 accounting 802.1x rad1 rad2
-> aaa profile ap-1 accounting mac rad1 rad2
-> aaa profile ap-1 accounting captive-portal syslog 10.135.67.99 port 8000
To Next Page
Loading...
