Configuring Access Guardian OmniAccess Stellar AP Integration
OmniSwitch AOS Release 8 Network Configuration Guide December 2017 page 28-71
• Link Layer Detection Protocol (LLDP) parameters. The first packet a connected AP device sends
should be an LLDP-MED TLV that identifies the device as an AP. When the AP device is detected on
the UNP port, the switch sends LLDP packets to the AP device to communicate the management
VLAN (LLDP Port Vlan ID TLV) and the AP Location (LLDP Proprietary TLV).
– The management VLAN advertised to the AP device is the VLAN associated with the UNP profile
to which the AP device is classified.
– The AP Location advertised to the AP device is derived from local switch information (such as the
UNP port, chassis MAC address, system name, system location).
• UNP port parameters. The port to which an AP device connects must be configured as a UNP bridge
port. The trust tag option for the UNP port is operationally enabled so that any tagged traffic coming
from the AP device will automatically be trusted. This ensures that client-tagged traffic sent from the
AP is forwarded on the VLAN domain that corresponds with the VLAN tag of the wireless client
traffic.
– A tagged MAC address is classified into the matching tagged VLAN. If that VLAN does not exist
on the switch, a dynamic VLAN is created. For example, if the customer tag is VLAN 200 but this
VLAN does not exist, the switch will dynamically create VLAN 200 to accommodate the client-
tagged traffic.
– When an AP MAC address is detected on a UNP port, the switch will flush all other MAC
addresses previously learned on that same port. This ensures that the AP MAC address is always the
first MAC address learned on that port; a requirement that designates the UNP port as an AP
detected port.
– By default, 802.1X and MAC authentication are enabled on UNP ports. If authentication of an AP
device is not required, disable one or both of these options.
• WLAN access role profile (defaultWLANProfile). The defaultWLANProfile is a built-in profile that
is designated for classifying Stellar AP devices. This profile is automatically assigned to a built-in
UNP LLDP classification rule for APs that will recognize active AP devices connected to the switch
and assign them to the defaultWLANProfile. The VLAN that is mapped to this profile will serve as the
management VLAN for the classified AP devices.
– The LLDP UNP classification rule for access points and the defaultWLANProfile are both
implicitly configured on the switch. However, mapping a VLAN to the defaultWLANProfile
requires explicit configuration.
– Using the defaultWLANProfile to classify AP devices ensures that all of the AP devices connected
to each switch in the wired network will use the same management VLAN.
– The defaultWLANProfile is similar to a standard UNP VLAN profile except that the profile cannot
be deleted; it is a built-in profile that is always available in the switch configuration.
– The defaultWLANProfile does not appear in the configuration snapshot for the switch. However,
when the default value for any of the configurable profile attributes is modified, then the profile
settings will appear in the configuration snapshot.
• WLAN access role profile (defaultWLANProfile) attributes. In addition to the VLAN mapping,
only the following profile attributes are configurable for the defaultWLANProfile:
– QoS policy list. By default, there is no policy list assigned to a profile. Optionally assign a QoS
policy list to apply further network access control to an AP device.
– Authentication flag. By default, the Layer 2 authentication flag for a profile is disabled. Optionally
enable the authentication flag to specify that only Layer 2 (802.1X or MAC) authenticated AP
devices are allowed into the profile.
– Mobile tag. By default the mobile tag status is disabled for a profile. Optionally enable the mobile
tag status to specify that the first user that is learned on a UNP port and classified into the specified
UNP profile will cause the UNP port to be added as a tagged member of the VLAN associated with
the profile.
To Next Page
Loading...
