Alcatel-Lucent OmniSwitch 6860 Series

To Next Page

To Previous Page

Configuring Access Guardian Access Guardian Application Examples

OmniSwitch AOS Release 8 Network Configuration Guide December 2017 page 28-102

• Guest supplicant device.

– Fails 802.1X authentication.

– If an 802.1X failure policy is not set and classification is not enabled, a default UNP profile

associated with the UNP port will be assigned. Captive Portal authentication is enabled for the

default profile.

– The Captive Portal authentication pass condition may apply a new access policy list or the access

policy list associated with the default profile is applied.

• Guest non-supplicant device.

– Fails 802.1X authentication.

– MAC authentication is not automatically triggered, unless explicitly enabled on the UNP port.

– If MAC authentication fails and classification is not enabled, a default UNP profile associated with

the UNP port will be assigned. Captive Portal authentication is enabled for the default profile.

– The Captive Portal authentication pass condition may apply a new access policy list or the access

policy list associated with the default profile is applied.

The following steps provide a brief tutorial for how to configure this application example:

1 Configure a RADIUS server.

-> aaa radius-server alu-authserver host 10.242.254.101 hash-key secret

retransmit 3 timeout 2 auth-port 1812 acct-port 1813

2 Create an AAA profile to pre-define and apply a specific AAA configuration for this example.

-> aaa profile ag-aaa-profile device-authentication 802.1x alu-authserver

-> aaa profile ag-aaa-profile accounting 802.1x alu-authserver

-> aaa profile ag-aaa-profile device-authentication mac alu-authserver

-> aaa profile ag-aaa-profile accounting mac alu-authserver

-> aaa profile ag-aaa-profile device-authentication captive-portal alu-

authserver

-> aaa profile ag-aaa-profile accounting captive-portal alu-authserver

3 Create the required VLANs.

-> vlan 10 admin-state disable name vlan-block

-> vlan 20 admin-state enable name vlan-corporate

-> vlan 30 admin-state enable name vlan-guest

4 Create the required UNP profiles.

-> unp profile corporate

-> unp profile guest

5 Map the UNP profiles to the appropriate VLANs.

-> unp profile corporate map vlan 20

-> unp profile guest map vlan 30

6 Create a default UNP profile.

-> unp profile def_unp

7 Map the default UNP profile to VLAN 10.

-> unp profile def_unp map vlan 10

Related product manuals