Configuring Access Guardian Configuring Port-Based Network Access Control
OmniSwitch AOS Release 8 Network Configuration Guide December 2017 page 28-47
values become the latest bandwidth values for the profile, so they are applied to all user devices
associated with the profile.
• The bandwidth limitation applied on a port through UNP classification is not removed when a user logs
out or ages out. An administrator can override the bandwidth limitation through the qos port command
or by removing the UNP configuration on the port.
• If any port bandwidth parameter value defined for a UNP profile is modified, then the other parameters
need to be configured again, otherwise they will be set to their default values. For example, consider a
UNP profile with maximum egress bandwidth set to 100M and egress depth set to 10K and the
maximum bandwidth is changed to 200M. In this scenario, only the modified maximum bandwidth is
considered, but the egress depth is reset to the default value unless the required value is specifically
configured again.
• If port bandwidth values are applied through a UNP profile and through a QoS policy list associated
with the same profile, then the minimum of these two values is applied to the UNP port. For example,
consider a UNP profile with the maximum ingress bandwidth parameter set to 200M but the QoS
policy list associated with the same profile sets the maximum ingress bandwidth to 100M, then the
bandwidth value of 100M is applied.
Multiple User Authentication on the Same Port
If multiple users are authenticated through the same UNP port and are classified with either RADIUS
returned attributes or through locally configured classification methods, then the bandwidth associated to
the latest authenticated user will override the previous bandwidth settings. If there is no bandwidth
associated with the new user, then no rate limitations are enforced and the previously set bandwidth is
applied to the new authenticated user.
There is no priority between bandwidth limits that are applied through the qos port command or applied
through UNP parameters. The latest change will over write the previous bandwidth limitation applied on
the port. For example:
Configuring UNP Port Domains
UNP port domains provide an additional method for segregating device traffic. A domain is identified by a
numerical ID that can be assigned to UNP ports and profile classification rules. By default, all UNP ports
and profile rules are assigned to domain 0.
The main benefit of UNP port domains is that they provide the ability to group physical UNP ports or link
aggregates into one logical domain. Once a UNP port is assigned to a specific domain ID, only
classification rules associated with the same domain ID are applied to that port.
Bandwidth Profile Action
If a user authenticates into a UNP with no UNP
bandwidth profile (no bandwidth parameters or
QoS policy list to apply rate limitations).
The port bandwidth setting is applied.
If a user authenticates into a UNP with a
bandwidth profile (bandwidth parameters or QoS
policy list applies rate limitations).
The UNP bandwidth setting overrides the port
bandwidth setting.
Note. The same bandwidth behavior applies when the user is authenticated with QoS port bandwidth: the
QoS port configuration is the latest configuration.
To Next Page
Loading...
