Configuring Access Guardian Access Guardian Application Examples
OmniSwitch AOS Release 8 Network Configuration Guide December 2017 page 28-99
3 Configure the profile to specify the “alu-authserver” for RADIUS server accounting.
-> aaa profile ag-aaa-profile accounting 802.1x alu-authserver
4 Assign the AAA profile to a UNP port or to a UNP port template.
-> unp port 2/1/1 aaa-profile ag-aaa-profile
-> unp port-template 802.1x-template aaa-profile ag-aaa-profile
Application Example 3: Internal Captive Portal Authentication
In this example, network access control is provided for different types of users through Access Guardian
internal Captive Portal authentication. For example, university students, teachers, and visitors
authenticating through Captive Portal to receive different QoS policy lists based on the their role in the
network.
Internal Captive Portal authentication is initiated only through a UNP profile. As a result, the user must
initially be classified into a profile through Layer 2 authentication (802.1X or MAC), rule classification, or
assigned to a default UNP profile.
The UNP profile assigned must have Captive Portal authentication enabled. The Captive Portal
authentication process is used to assign a network access role (QoS policy list) to the user. Different policy
lists may be assigned to different users.
This application example demonstrates the internal Captive Portal authentication capability to dynamically
assign a network access role for a user device. The following steps provide a brief tutorial for how to
configure this example.
Network Configuration for Captive Portal Support
1 Configure the network DHCP server to give out the IP addresses in the subnet of the VLAN associated
with the UNP profile that will be used for Captive Portal authentication.
2 Configure the DNS with a DNS entry to map the Captive Portal name to the Captive Portal IP address
that is configured on the switches in the network.
OmniSwitch Configuration for Captive Portal Support
1 Configure a RADIUS server.
-> aaa radius-server alu-authserver host 10.242.254.101 hash-key secret
retransmit 3 timeout 2 auth-port 1812 acct-port 1813
2 Create an AAA profile to pre-define and apply a specific AAA configuration for this example.
-> aaa profile ag-aaa-profile
-> aaa profile ag-aaa-profile device-authentication captive-portal alu-
authserver
-> aaa profile ag-aaa-profile accounting captive-portal alu-authserver
3 Create the required VLANs.
-> vlan 10 admin-state disable name vlan-block
-> vlan 30 admin-state enable name vlan-guest
To Next Page
Loading...
