Alcatel-Lucent OmniSwitch 6860 Series

To Next Page

To Previous Page

Configuring Access Guardian Using Guest Tunneling

OmniSwitch AOS Release 8 Network Configuration Guide December 2017 page 28-91

• When the encapsulated guest traffic reaches GTTS-1, the GRE encapsulation information is removed

and the traffic is passed through the SAP loopback port to the VLAN loopback port.

• The VLAN loopback port is tagged with VLAN 50, where the guest traffic is then granted access to

perimeter network resources and the Internet.

• Return traffic destined for the Guest-1 and Guest-2 is forwarded on VLAN 50 and then passed through

the VLAN loopback port to the SAP loopback port.

• The SAP loopback port is mapped to an L2 GRE tunnel service, where the guest traffic is encapsulated

and then sent back through the tunnel to the appropriate edge switch.

• When the encapsulated guest traffic reaches the intended edge switch, the GRE encapsulation

information is removed and the traffic is forwarded to the guest device.

• A UNP Employee profile is configured on Edge Switch-1 and Edge Switch-2. The Employee profile is

mapped to a VLAN.

• Traffic from the Employee-1 and Employee-2 devices is classified into the UNP Employee profile and

forwarded on the mapped VLAN through the network.

The following command examples further illustrate how the Guest Tunneling functionality is configured

on each guest tunnel edge switch and on the GTTS.

Edge Switch-1:

-> ip interface “Loopback0” 10.0.0.1

-> unp profile Guest

-> unp profile Guest map service-type l2gre tag-value 0 vpnid 10 far-end-ip

30.0.0.2

-> unp port 1/1/2 port-type bridge

-> unp port 1/1/2 mac-authentication

-> unp port 1/1/2 default-profile Guest

-> vlan 40

-> unp profile Employee

-> unp profile Employee map vlan 40

-> unp port 1/1/1 port-type bridge

-> unp port 1/1/1 mac-authentication

-> unp port 1/1/1 default-profile Employee

Edge Switch-2:

-> ip interface “Loopback0” 20.0.0.1