Configuring Access Guardian Access Guardian Application Examples
OmniSwitch AOS Release 8 Network Configuration Guide December 2017 page 28-103
8 Create a port template to pre-define and apply configuration parameters to the UNP port.
-> unp port-template auth-template
9 Set the default UNP profile parameter for the port template to “guest”.
-> unp port-template auth-template default-profile guest
10 Set the MAC and 802.1X authentication parameters to “enable” for the port template. Can also define a
pass alternate UNP profile for the template in case the RADIUS server does not return a UNP profile
name when 802.1X or MAC authentication passes.
-> unp port-template auth-template mac-authentication
-> unp port-template auth-template 802.1x-authentication
-> unp port-template auth-template mac-authentication pass-alternate corporate
-> unp port-template auth-template 802.1x-authentication pass-alternate
corporate
11 Assign the port template to a UNP port.
-> unp port 2/1/1 port-template auth-template
12 Create a Captive Portal profile.
-> captive-portal-profile cp-profile
-> captive-portal-profile cp-profile aaa-profile ag-aaa-profile
13 Add a Captive Portal authentication pass policy list to the Captive Portal profile.
-> captive-portal-profile cp-profile authentication-pass policy-list cp-default-
list
14 Enable Captive Portal authentication for the UNP profile and assign the Captive Portal profile to that
UNP profile.
-> unp profile guest captive-portal-authentication
-> unp profile guest captive-portal-profile cp-profile
How it Works
In this application example, traffic received on the UNP port triggers the following actions on the switch:
• Traffic from a supplicant device triggers the 802.1X authentication process.
• If 802.1X authentication passes, the client is classified into the UNP profile name returned from the
RADIUS server or classified into the “corporate” UNP profile.
• If 802.1X authentication fails, the client is classified into the default UNP profile associated with the
UNP port. This happens because rule classification is disabled on the UNP port. Captive Portal
authentication is enabled for the default UNP profile.
• Traffic from a non-supplicant device triggers the MAC authentication process.
• If MAC authentication passes, the client is classified into the UNP profile name returned from the
RADIUS server or classified into the “corporate” UNP profile.
• IF MAC authentication fails, the client is classified into the default UNP profile associated with the
UNP port. This happens because rule classification is disabled on the port. Captive Portal
authentication is enabled for the default UNP profile.
To Next Page
Loading...
