EasyManua.ls Logo

Alcatel-Lucent OmniSwitch 6860 Series

Alcatel-Lucent OmniSwitch 6860 Series
1078 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Loading...
Configuring Access Guardian Configuring Port-Based Network Access Control
OmniSwitch AOS Release 8 Network Configuration Guide December 2017 page 28-50
example, the profile “DropL2” was configured to discard STP, GVRP, and 802.1ab frames. No other
protocol settings were changed, so the default settings still apply for the other protocols.
Remove any profile associations with UNP access ports before attempting to modify or delete the
profile.
To delete a Layer 2 profile, use the no form of the service l2profile command. For example, the following
command deletes the “DropL2” profile:
-> no service l2profile DropL2
Use the show service l2profile command to view a list of profiles that are already configured for the
switch. This command also displays the attribute values for each profile.
Assigning Layer 2 Profiles to UNP Access Ports
After a Layer 2 profile is created, it is then necessary to assign the profile to a UNP access port or link
aggregate. When this is done, the current profile associated with the port is replaced with the new profile.
The unp l2-profile command is used to assign a new profile to an access port. For example, the following
commands assign the “DropL2” profile to UNP access port 1/4 and link aggregate 5:
-> unp port 1/4 l2-profile DropL2
-> unp port linkagg 5 l2-profile DropL2
To change the profile associated with the access port back to the default profile (unp-def-access-profile),
specify the default profile name with the unp l2-profile command. For example:
-> unp port 1/4 l2-profile default
-> unp linkagg 5 l2-profile default
Use the show unp port config command to verify the Layer 2 profile assignment. For example:
-> show unp port 1/1/11 config
Port 1/1/11
Port-Type = Access,
802.1x authentication = Enabled,
802.1x Pass Alternate Profile = -,
802.1x Bypass = Disabled,
802.1x failure-policy = default,
Mac-auth allow-eap = -,
Mac authentication = Enabled,
Mac Pass Alternate Profile = -,
Classification = Enabled,
Trust-tag = Enabled,
Default Profile = -,
Port Domain Num = 0,
AAA Profile = -,
Port Template = accessDefaultPortTemplate,
Admin State = Enabled,
Dynamic Service = spb,
PVLAN Port Type = -,
Force L3-Learning = Disabled,
Force L3-Learning Port Bounce = Enabled,
802.1x Parameters:
Tx-Period = 30,
Supp-Timeout = 30,
Max-req = 2
L2 Profile = "unp-def-access-profile",

Table of Contents

Related product manuals