Configuring Access Guardian Configuring Port-Based Network Access Control
OmniSwitch AOS Release 8 Network Configuration Guide December 2017 page 28-37
Inactivity Timeout:
Status = disable,
Interval (sec) = 600
Accounting Interim:
Interval (sec) = 600,
Trust Radius = disable
RADIUS client attributes:
NAS port id = default,
NAS identifier = default,
MAC format delimiter:
Username = none, UserNameCase = uppercase,
Password = none, PasswordCase = uppercase,
calling station id = none, ClgStaIdCase = uppercase,
called station id = none, CldStaIdCase = uppercase
For more information about the commands described in this section, see the OmniSwitch AOS Release 8
CLI Reference Guide.
Configuring an Authentication Server Down UNP
An authentication server down UNP is used to classify devices attempting to authenticate through UNP
ports when the RADIUS server is unreachable. By default, there is no such profile configured for the
switch. To create this type of UNP, use the unp auth-server-down command.
-> unp auth-server-down profile1 down_unp
After a device is classified into the VLAN for this UNP, an attempt to re-authenticate the device is made
after a specific period of time (60 seconds by default). To change this time value, use the unp auth-
server-down-timeout command.
-> unp auth-server-down-timeout 120
Configuring an authentication server down UNP is highly recommended when MAC or 802.1X
authentication is enabled on any UNP port or link aggregate. This is because after a switch reload, the
traffic from devices connected to UNP ports and link aggregates reaches the switch and triggers the
authentication process before route convergence has completed and the server can be reached.
• If an authentication server down UNP is configured, devices are temporarily learned in that profile and
authentication is automatically attempted again after the timeout period expires. This allows time for
the server to become reachable from the switch after a reload.
• If an authentication server down UNP is not configured, devices are learned as filtering and will remain
in that state. There is no further attempt to authenticate these devices again.
The authentication down UNP and related timer value are applied to all traffic received on all UNP ports
in the event the RADIUS server becomes unreachable. To verify if this setting is enabled or disabled, use
the show unp global configuration command. For example:
-> show unp global configuration
Dynamic Vlan Configuration = Disabled,
Dynamic Profile Configuration = Disabled,
Auth Server Down Profile1 = down_unp,
Auth Server Down Profile2 = -,
Auth Server Down Profile3 = -,
Auth Server Down Timeout = 120,
Redirect Port Bounce = Enabled,
Redirect Pause Timer = -
To Next Page
Loading...
