Configuring Access Guardian Configuring Port-Based Network Access Control
OmniSwitch AOS Release 8 Network Configuration Guide December 2017 page 28-67
-> unp classification lldp med-endpoint access-point profile1 defaultWLANProfile
Configuring Binding Rules for UNP Profiles
A binding rule defines a combination of one or more individual rules, all of which a device has to match.
The following binding rule combinations are configurable and are listed in the order of precedence:
1 Port + MAC address + IP address
2 Port + MAC address
3 Port + IP address
4 Domain ID + MAC address + IP address
The precedence order of binding rules is used to determine precedence among only binding classification
rules. However, all binding rules take precedence over all individual rules. So if a device matches both an
individual rule and a binding rule, the device is classified into the profile associated with the binding rule.
The same commands used to configure individual classification rules are also used to configure binding
rule combinations. For example, the unp classification mac-address command is used in the following
example to configure a binding rule that combines a MAC address rule, an IP address rule, and a port rule:
-> unp classification mac-address 00:11:22:33:44:55 ip-address 10.0.0.20 mask
255.255.0.0 port 1/1/1 profile1 serverA
If the source MAC address, source IP address, and port of a device matches the MAC address, IP address,
and port defined in the example binding rule, then the device is classified into the “serverA” profile and
assigned to the VLAN associated with that profile.
Configuring Extended Classification Rules for UNP Profiles
An Extended classification rule defines a list of individual rules and assigns the list a name and a
precedence value. A device must match all of the rules specified in the extended rule list.
The unp classification-rule command is used to create an extended rule and set the precedence value for
the rule. The following commands are used to define classification rules and assign the rules to the
extended rule name:
Note. An LLDP MED Endpoint AP rule is implicitly created and assigned to “defaultWLANProfile” (a
built-in UNP profile on the switch) when the switch boots up. This facilitates the automatic discovery and
management of OmniAccess Stellar APs that are connected to the switch.
Precedence Step/Rule Command
1. Port unp classification-rule port
2. Domain ID unp classification-rule domain
3. MAC address unp classification-rule mac-address
4. MAC OUI unp classification-rule mac-oui
5. MAC address range unp classification-rule mac-range
6. LLDP Media Endpoint
Devices
unp classification-rule lldp med-endpoint
7. Authentication Type unp classification-rule authentication-type
8. IP address unp classification-rule ip-address
9. VLAN tag unp classification-rule vlan-tag
To Next Page
Loading...
