Configuring Access Guardian Configuring Port-Based Network Access Control
OmniSwitch AOS Release 8 Network Configuration Guide December 2017 page 28-48
By default, all UNP ports are assigned to domain 0. To create additional domain IDs, use the unp domain
description command. For example, the following command creates domain 2 with an optional
description:
-> unp domain 2 description "Customer A Domain"
If the optional description parameter is not specified, the description defaults to “UNP Domain x”, where
x is the domain ID number. In the above example, if the “Customer A Domain” description was not
specified with the command, the description text would default to “UNP Domain 2”.
To assign UNP ports to a customer domain ID, use the unp domain command. For example:
-> unp port 1/1-3 domain 2
-> unp linkagg 5 domain 2
Use the show unp domain command to display the UNP domain ID configuration. For example:
-> show unp domain
Domain   Description
--------+------------------------------------
0        Default-Domain
1        UNP Domain 1
2        Customer A Domain
Use the show unp port command to display the domain ID assignment for a UNP port. For example:
-> show unp port
Port  Port   Type   802.1x   Mac      Class.   Default    802.1X     MAC       Trust-Tag
      Domain        Auth     Auth                         Pass-Alt   Pass-Alt
-----+------+------+--------+--------+--------+----------+----------+---------+---------
1/15  2      Bridge Disabled Disabled Enabled  unp-1001   -          -         Disabled
1/16  2      Bridge Disabled Disabled Disabled unp-1001   -          -         Disabled
1/17  2      Access Disabled Enabled  Enabled  spb1001    -          -         Enabled
1/18  2      Access Disabled Enabled  Disabled -          -          -         Disabled
1/19  2      Bridge Enabled  Enabled  Disabled DefUnp     1XProf1    MacPAS    Enabled
1/20  2      Access Enabled  Disabled Enabled  -          1XProf2    -         Enabled
Configuration Example
The following CLI configuration example groups ports assigned to Customer A into UNP domain 2 and
creates a MAC address range classification rule that is also associated with domain 2:
-> unp domain 2 description "Customer A Domain"
-> unp port 1/15-20 port-type bridge
-> unp port 1/15-20 domain 2
-> unp profile CustA
-> unp classification mac-range 00:11:22:33:44:66 00:11:22:33:44:77 domain 2 profile1 CustA
In this example:
• UNP domain 2 is created with a description and UNP ports 1/15-20 are assigned to domain 2.
• A UNP MAC address range classification rule is defined and associated with domain 2 and the
“CustA” profile.
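One way to confirm that the ports in the configuration example really ended up in domain 2 is to parse captured show unp port output and compare it with the intended assignment. The Python below is an added example and is not part of the OmniSwitch guide; the field names, function names and the modified sample rows are assumptions made for illustration.

```python
import re
# Constructed sample: rows as on this page, except that port 1/18 is moved to
# domain 0 and port 1/20 is left out, to show two kinds of drift.
SAMPLE = """\
-> show unp port
Port  Port   Type   802.1x   Mac      Class.   Default    802.1X     MAC       Trust-Tag
      Domain        Auth     Auth                         Pass-Alt   Pass-Alt
-----+------+------+--------+--------+--------+----------+----------+---------+---------
1/15  2      Bridge Disabled Disabled Enabled  unp-1001   -          -         Disabled
1/16  2      Bridge Disabled Disabled Disabled unp-1001   -          -         Disabled
1/17  2      Access Disabled Enabled  Enabled  spb1001    -          -         Enabled
1/18  0      Access Disabled Enabled  Disabled -          -          -         Disabled
1/19  2      Bridge Enabled  Enabled  Disabled DefUnp     1XProf1    MacPAS    Enabled
"""

FIELDS = ("port", "domain", "type", "dot1x_auth", "mac_auth", "classification",
          "default_profile", "dot1x_pass_alt", "mac_pass_alt", "trust_tag")
ROW = re.compile(r"^\s*\d+/\d+(/\d+)?\s+\d+\s")  # data rows start with port, domain

def parse_show_unp_port(text):
    """Return {port: {field: value}} for every data row in the output."""
    ports = {}
    for line in text.splitlines():
        if not ROW.match(line):
            continue  # prompt, header and separator lines
        cells = line.split()
        if len(cells) != len(FIELDS):
            raise ValueError(f"unexpected column count: {line!r}")
        ports[cells[0]] = dict(zip(FIELDS, cells))
    return ports

def expand_port_range(spec):
    """Expand a range such as '1/15-20' into ['1/15', ..., '1/20']."""
    prefix, _, last = spec.rpartition("/")
    lo, _, hi = last.partition("-")
    return [f"{prefix}/{n}" for n in range(int(lo), int(hi or lo) + 1)]

def audit_domain(text, port_spec, expected_domain):
    """Return (port, problem) pairs for ports not in the expected domain."""
    ports = parse_show_unp_port(text)
    findings = []
    for port in expand_port_range(port_spec):
        if port not in ports:
            findings.append((port, "missing from output"))
        elif int(ports[port]["domain"]) != expected_domain:
            findings.append((port, f"domain {ports[port]['domain']}"))
    return findings

if __name__ == "__main__":
    print(audit_domain(SAMPLE, "1/15-20", 2))
```

An empty list means every port in the range is a UNP port in the expected domain; a row with a blank cell raises ValueError rather than being misread.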