Configuring Access Guardian Bring Your Own Devices (BYOD) Overview
OmniSwitch AOS Release 8 Network Configuration Guide December 2017 page 28-123
Configuring OmniSwitch BYOD Support
BYOD is supported on UNP ports for supplicant and non-supplicant registered and guest users and
devices.The BYOD solution leverages the existing Access Guardian UNP capability and is applicable only
on UNP ports. The following general configuration tasks are required to ensure the necessary interaction
between an OmniSwitch and the UPAM or CPPM server:
• Configure the UPAM or CPPM server as an AAA RADIUS server.
• Set the switch to use the UPAM or CPPM server for 802.1X and MAC authentication. The
authentication process will determine the UNP profile to which BYOD users are classified.
• Configure the UNP profiles that will be returned from the UPAM or CPPM server. Make sure the
Captive Portal authentication flag is disabled on each of these profiles to ensure BYOD redirection.
• Configure the UPAM or CPPM server as the redirect server for the switch.
• Configure UNP port-based functionality on the switch ports that will connect to the user devices.
• Configure the OmniSwitch to relay DHCP traffic to the UPAM or CPPM server as well as the DHCP
server, which assigns the IP addresses to the clients connected to the switch. UPAM or CPPM uses this
information to assist with device profiling.
• Configure the UPAM or CPPM server with the IP address of the OmniSwitch. In addition, configure
the UPAM or CPPM with the same shared secret that was assigned through the AAA RADIUS server
configuration on the OmniSwitch.
• Configure the UPAM or CPPM server with the required services (for example, MAC authentication,
802.1X, and any generic RADIUS enforcement service) to support the following features.
– Device profiling
– Device Onboarding
– Guest Registration
–Posture check
– Captive portal
The following generic configuration examples apply only to the OmniSwitch components for interaction
with a UPAM or CPPM server. For more detailed application examples, refer to “BYOD Application
Examples” on page 28-142.
Configuring the UPAM or CPPM server as an AAA RADIUS Server
The UPAM or CPPM server must be configured on the OmniSwitch as an AAA RADIUS server that will
handle 802.1X and MAC authentication requests from the switch. Optionally, the OmniSwitch can also be
set to use the UPAM or CPPM server for 802.1X and MAC accounting sessions as well. For example:
-> aaa radius-server cppm host 192.168.1.244 key e47ac0f11e9fa869 retransmit 3
timeout 2 auth-port 1812 acct-port 1813
-> aaa device-authentication 802.1x cppm
-> aaa device-authentication mac cppm
-> aaa accounting 802.1x cppm
-> aaa accounting mac cppm
Note. Configure the OmniSwitch to interact only with the OmniVista UPAM server or the CPPM server.
To Next Page
Loading...
