Configuring Access Guardian Configuring Port-Based Network Access Control
OmniSwitch AOS Release 8 Network Configuration Guide December 2017 page 28-68
For example, the following commands create an extended classification rule named “ext-r1” with the
precedence value set to 255 and assign the rule to a the “corporate” UNP profile:
-> unp classification-rule ext-r1 precedence 255
-> unp classification-rule ext-r1 profile1 corporate
Next, the following commands define a port rule and an authentication type rule and assign the rules to the
“ext-r1” extended rule:
-> unp classification-rule ext-r1 port 1/1/10
-> unp classification-rule ext-r1 authentication-type 8021x
Note that the “ext-1” rule combines a port rule and an authentication type rule. This combination of rules
is not allowed in a binding rule configuration.
The precedence value assigned to an extended classification rule is used to determine precedence only
among extended classification rules. However, all extended rules take precedence over all individual and
all binding rules. So if a device matches a binding rule (or an individual rule) and an extended rule, the
device is classified into the profile associated with the extended rule.
Use the show unp classification-rule command to verify the UNP extended classification rule
configuration for the switch. For example:
-> show unp classification-rule
Rule Name: "r1"
Precedence = 255,
Profile1 = corporate,
Conditions:
Domain = 0,
Port = 1/1/10,
Authentication-Type = 802.1x,
Rule Name: "ext_r2"
Precedence = 1,
Profile1 = unp1-vlan,
Profile2 = unp2-vxlan,
Conditions:
Domain = 20,
Mac-Address = 00:2a:94:11:22:01,
Port = 1/1/9,
LLDP MED Endpoint = IP-Phone,
Authentication-Type = None,
To Next Page
Loading...
