Configuring Access Guardian Configuring Port-Based Network Access Control
OmniSwitch AOS Release 8 Network Configuration Guide December 2017 page 28-65
Configuring UNP Classification Rules
UNP classification rules are defined and associated with UNP profiles to provide an additional method for
classifying a device into a profile. If authentication is not available or does not return a profile name for
whatever reason, classification rules are applied to determine the profile assignment.
The following table lists the classification rules that are supported and the unp classification command
that is used to configure each rule:
For example, the following command is used to configure a MAC address range rule and assign that rule
to an existing UNP profile named “Engineering”:
-> unp classification mac-address-range 00:11:22:33:44:55 00:11:22:33:44:66 profile1 Engineering
If the source MAC address of a device falls within the specified range of the example rule, then the device
is classified into the “Engineering” profile and assigned to the VLAN or service associated with that
profile.
Use the show unp classification command to verify the UNP classification rule configuration for the
switch. For example, the following command displays the MAC address range rule configuration:
-> show unp classification mac-range-rule
Low MAC Address    High MAC Address   VLAN Tag Profile1 Name Profile2 Name Profile3 Name
------------------+------------------+--------+-------------+-------------+-------------
00:11:22:33:44:66  00:11:22:33:44:77  -        Engineering   -             -
00:11:22:33:44:88  00:11:22:33:44:99  10       CustB         VNP-B         -
Total Mac Range Rule Count: 2
For more information about UNP rules, see “UNP Classification Rules” on page 28-23.
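The following Python check is an added example, not part of the guide: it parses the show unp classification mac-range-rule output shown above, lists the rules a given source MAC address matches, and flags overlapping ranges for review. It assumes inclusive range bounds and profile names without spaces; the third sample row (Guest) is constructed.

```python
import re

# Sample: the two rows from the guide's show output plus one constructed row
# (Guest) that overlaps the first range.
SAMPLE = """\
Low MAC Address    High MAC Address   VLAN Tag Profile1 Name Profile2 Name Profile3 Name
------------------+------------------+--------+-------------+-------------+-------------
00:11:22:33:44:66  00:11:22:33:44:77  -        Engineering   -             -
00:11:22:33:44:88  00:11:22:33:44:99  10       CustB         VNP-B         -
00:11:22:33:44:70  00:11:22:33:44:7f  -        Guest         -             -
Total Mac Range Rule Count: 3
"""

MAC = r"(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}"
ROW = re.compile(rf"^\s*({MAC})\s+({MAC})\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s*$")

def mac_to_int(mac):
    """Convert aa:bb:cc:dd:ee:ff to a 48-bit integer for range comparison."""
    return int(mac.replace(":", ""), 16)

def parse_rules(text):
    """One dict per rule row; header, separator and count lines are skipped."""
    rules = []
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue
        low, high, tag, p1, p2, p3 = m.groups()
        rules.append({
            "low": mac_to_int(low), "high": mac_to_int(high),
            "vlan_tag": None if tag == "-" else int(tag),
            "profile1": p1,
            "profiles": [p for p in (p1, p2, p3) if p != "-"],
        })
    return rules

def matching_profiles(mac, rules):
    """Profile1 of every rule whose range (assumed inclusive) contains the MAC."""
    value = mac_to_int(mac)
    return [r["profile1"] for r in rules if r["low"] <= value <= r["high"]]

def overlapping_rules(rules):
    """Pairs of rules whose ranges intersect, so one MAC could match both."""
    ordered = sorted(rules, key=lambda r: r["low"])
    return [(a["profile1"], b["profile1"])
            for i, a in enumerate(ordered) for b in ordered[i + 1:]
            if b["low"] <= a["high"]]

if __name__ == "__main__":
    parsed = parse_rules(SAMPLE)
    print(matching_profiles("00:11:22:33:44:72", parsed))
    print(overlapping_rules(parsed))
```

A MAC address that matches more than one rule points to an ambiguous rule set that should be resolved in the switch configuration.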
Configuring the VLAN Tag Classification Rule
There are two methods for configuring classification rules that UNP will apply to device traffic that is
tagged with a specific VLAN ID:
• Use the unp classification vlan-tag command to configure a VLAN ID tag rule that is applied only to
traffic that is tagged with the specified VLAN ID. For example, the following command creates a
VLAN tag rule that will assign traffic tagged with VLAN 10 to the “serverA” profile:
Precedence Step/Rule              Command
--------------------------------+------------------------------------------
1. Port                           unp classification port
2. Domain ID                      unp classification domain
3. MAC Address                    unp classification mac-address
4. MAC OUI                        unp classification mac-oui
5. MAC Address Range              unp classification mac-range
6. LLDP Media Endpoint Devices    unp classification lldp med-endpoint
7. Authentication Type            unp classification authentication-type
8. IP Address                     unp classification ip-address
9. VLAN Tag                       unp classification vlan-tag