Configuring Access Guardian Configuring Port-Based Network Access Control
OmniSwitch AOS Release 8 Network Configuration Guide December 2017 page 28-55
Consider the following when configuring a VLAN mapping for a UNP profile:
• The VLAN associated with a profile must already exist in the switch configuration, unless one of the
following conditions occurs:
– The dynamic VLAN configuration functionality is enabled for the switch (see “Enabling Dynamic
VLAN Configuration” on page 28-55).
– The VLAN mapping to a profile is done when the switch boots up.
• Configuring a new VLAN mapping for a profile will overwrite the existing VLAN mapping for that
profile. Any change to the mapping configuration of the profile will flush all MAC addresses learned
on that profile.
• Removing a VLAN mapping configuration requires deleting the entire profile from the switch
configuration (no unp profile profile_name).
• If a standard VLAN ID associated with a VLAN profile is deleted, the profile association with that
VLAN ID is still maintained. Any traffic subsequently classified with this profile is filtered unless the
UNP port on which the traffic is received is configured with alternate classification methods (see
“Configuring UNP Port Parameters” on page 28-38).
To verify the VLAN profile configuration for the switch, use the show unp profile map command with
the vlan parameter. For example:
-> show unp profile employee map vlan
Profile Name                     Vlan-Id
--------------------------------+--------
employee                         400
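The following is an added example, not part of the original guide: a small audit script that parses saved output of the show unp profile map vlan command and lists profiles whose mapped VLAN no longer exists on the switch, which is the case where classified traffic is filtered. The multi-row sample output and the set of existing VLAN IDs are constructed; the function names and the existing_vlans input are assumptions, with the VLAN ID set gathered separately by the operator.

```python
import re

# Constructed sample in the column layout of the command output shown above.
SAMPLE_MAP_OUTPUT = """\
Profile Name                     Vlan-Id
--------------------------------+--------
employee                         400
guest                            410
contractor                       420
"""

# A data row is a profile name followed by a numeric VLAN ID at end of line.
# The header, separator and "->" prompt lines do not end in digits, so they are skipped.
ROW = re.compile(r"^(?P<name>\S.*?)\s+(?P<vlan>\d{1,4})\s*$")


def parse_profile_map(text):
    """Return {profile_name: vlan_id} parsed from the profile-to-VLAN table."""
    mapping = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if m and 1 <= int(m["vlan"]) <= 4094:
            mapping[m["name"]] = int(m["vlan"])
    return mapping


def profiles_with_missing_vlan(mapping, existing_vlans):
    """Return profiles mapped to a VLAN ID absent from the switch.

    Per the guide, the association survives deletion of the VLAN, and traffic
    classified with such a profile is filtered unless the UNP port has
    alternate classification methods configured.
    """
    return sorted(name for name, vlan in mapping.items()
                  if vlan not in existing_vlans)


if __name__ == "__main__":
    # Constructed set of VLAN IDs currently configured on the switch (assumption).
    existing_vlans = {1, 400, 420}
    for name in profiles_with_missing_vlan(parse_profile_map(SAMPLE_MAP_OUTPUT),
                                           existing_vlans):
        print(f"profile {name!r}: mapped VLAN is not configured on the switch")
```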
Enabling Dynamic VLAN Configuration
When creating a UNP VLAN profile, it is possible to specify the VLAN ID of a VLAN that does not exist
in the switch configuration. The UNP feature provides the ability to enable dynamic VLAN configuration,
which allows “on the fly” configuration of VLANs as they are needed.
When dynamic VLAN configuration is enabled and a profile is mapped to a VLAN that does not exist,
UNP will create that VLAN at the time the profile mapping is created.
Dynamic VLAN configuration is a global UNP setting that applies to all VLAN profiles. By default, this
setting is disabled for the switch. To enable this functionality, use the unp dynamic-vlan-configuration
command.
-> unp dynamic-vlan-configuration
Use the no form of the dynamic-vlan-configuration command to disable dynamic VLAN configuration.
-> no unp dynamic-vlan-configuration
Consider the following when enabling dynamic VLAN configuration:
• The VLAN status and other port (non-UNP port) assignments are configurable using standard VLAN
commands. In addition, the STP status of the VLAN is configurable and enabled by default when the
dynamic VLAN is created.
• A dynamic VLAN cannot be deleted using standard VLAN commands (no vlan vlan_id).
• UNP dynamic VLANs are identified as a separate type of VLAN. The show vlan command will
display this type with the default name of “UNP-DYN-VLAN” and the designated type as “UNP
Dynamic Vlan”. For example: