Configuring Access Guardian Configuring Port-Based Network Access Control
OmniSwitch AOS Release 8 Network Configuration Guide December 2017 page 28-52
Consider the following guidelines when configuring UNP profile attributes:
• Any profile names that will be assigned through RADIUS authentication and/or the UPAM or CPPM
BYOD process must be defined on the OmniSwitch and the RADIUS and/or UPAM or CPPM server.
• UNP profile attributes are only applied to device traffic that is received on UNP-enabled ports or link
aggregates. See “Configuring UNP Port-Based Functionality” on page 28-38 for more information.
• The QoS rules within a policy list are applied to all members of the UNP profile group to enforce
access to network resources. Only one policy list is allowed per profile, but multiple profiles may use
the same policy list. See “Configuring QoS Policy Lists” on page 28-61 for more information.
• Specifying a QoS policy list name that is inactive or does not already exist in the switch configuration
is allowed. However, the list will remain inactive for the UNP until the list is enabled or configured
using the QoS policy list commands. See “Configuring QoS Policy Lists” on page 28-61 for more
information.
• If a device violates a location or time period policy, the device is placed into an unauthorized state,
even though it is still assigned to the UNP profile. In this state, a built-in QoS policy list is applied to
the device to restrict the role of the device in the network. See “Built-in Restricted Roles” on
page 28-15 for more information.
unp profile captive-portal-
authentication
Configures the status of internal Captive Portal authentication for
the profile. When enabled, triggers the OmniSwitch Captive Portal
authentication process for users classified into the profile.
unp profile authentication-flag Configures the status of the authentication flag for the profile. When
enabled, only devices that were successfully authenticated are
allowed into the profile.
unp profile mobile-tag Configures the mobile tagging status for the profile. When enabled,
the first user that is learned on a UNP port and classified into the
UNP profile will cause the UNP port to be added as a tagged
member of the VLAN associated with the profile. If the profile is
mapped to a service, a tagged virtual port association is created.
unp profile saa-profile Assigns the name of a Service Assurance Agent (SAA) profile to
the specified UNP profile. An SAA profile is mainly used by the
OmniVista network management application to monitor
connections between virtual machines (VMs) in a data center
network. See “Configuring a Service Assurance Agent Profile” on
page 28-57.
unp profile maximum-ingress-
bandwidth
Configures the maximum amount of bandwidth allocated for ingress
traffic on UNP ports assigned to the profile.
unp profile maximum-egress-
bandwidth
Configures the maximum amount of bandwidth allocated for egress
traffic on UNP ports assigned to the profile.
unp profile maximum-ingress-
depth
Configures how much traffic is allowed to burst over the maximum
ingress bandwidth limits on UNP ports assigned to the profile.
unp profile maximum-egress-depth Configures how much traffic is allowed to burst over the maximum
egress bandwidth limits on UNP ports assigned to the profile.
unp profile inactivity-interval Configures whether or not an authenticated device assigned to the
profile is automatically logged out of the network after a specific
period of inactivity (MAC address for the device has aged out).
To Next Page
Loading...
