Configuring Access Guardian Configuring Port-Based Network Access Control
OmniSwitch AOS Release 8 Network Configuration Guide December 2017 page 28-57
Enabling Dynamic Profile Configuration
The UNP feature provides the ability to enable dynamic VLAN profile configuration, which allows “on
the fly” configuration of profiles when specific traffic conditions occur. By default, dynamic profile
configuration is disabled for the switch. To enable this functionality, use the unp dynamic-profile-
configuration command.
-> unp dynamic-profile-configuration
Use the no form of the dynamic-profile-configuration command to disable this functionality.
-> no unp dynamic-profile-configuration
Dynamic profile configuration is a global UNP setting that is applied to traffic on any UNP bridge port
that is configured to trust the VLAN tag of the incoming packets.
Consider the following when enabling dynamic profile configuration:
• A profile is only dynamically created if the trust VLAN tag is enabled for the UNP bridge port and the
packet VLAN tag matches an MVRP VLAN ID that is not assigned to a UNP or there is no matching
VLAN ID in the switch configuration.
• Dynamically created profiles are saved in the boot.cfg file for the switch.
• By default, dynamically created VLAN profiles are automatically named dynamic_profile_vlan_id,
where the VLAN ID is the ID of the VLAN contained in the packet tag.
• After the dynamic profile is created, changing the VLAN profile name, associated VLAN ID, or the
QoS policy list is allowed. To avoid any confusion, change the profile name if the VLAN ID
associated with the profile has changed.
• When the dynamic profile configuration option is enabled along with the dynamic VLAN
configuration option and the dynamically created profile refers to a VLAN that is an MVRP VLAN,
then the MVRP VLAN is automatically converted to a dynamic UNP VLAN (UNP-DYN-VLAN).
To verify the status of dynamic profile configuration for the switch, use the show unp global
configuration command. For example:
-> show unp global configuration
Dynamic Vlan Configuration = Enabled,
Dynamic Profile Configuration = Enabled,
Auth Server Down Profile1 = -,
Auth Server Down Profile2 = -,
Auth Server Down Profile3 = -,
Auth Server Down Timeout = 60,
Redirect Port Bounce = Enabled,
Redirect Pause Timer = -
Redirect http proxy-port = 8080
Redirect Server IP = 10.1.1.1
Allowed IP = -
Force L3-Learning = Disabled
Force L3-Learning Port Bounce = Disabled
802.1x Pass Through Mode = Disabled
AP Mode = Enabled
Configuring a Service Assurance Agent Profile
A Service Assurance Agent (SAA) profile defines jitter and latency threshold values that are applied by
SAA sessions to monitor the performance of network traffic associated with a UNP VLAN profile. An
To Next Page
Loading...
