Configuring Access Guardian Bring Your Own Devices (BYOD) Overview
OmniSwitch AOS Release 8 Network Configuration Guide December 2017 page 28-124
Configuring UNP Profiles
Users connected to UNP-enabled ports are moved into a specific UNP profile based on the outcome of the
authentication process. This type of profile is created using the unp profile command. For example:
-> unp profile UNP-guest
-> unp profile UNP-restricted
To support interaction with the UPAM or CPPM server, the same UNP profile name must be configured
on both the OmniSwitch and on the UPAM or CPPM server. In addition, the Captive Portal authentication
flag for the OmniSwitch profile must be disabled. For example:
-> no unp profile UNP-guest captive-portal-authentication
-> no unp profile UNP-restricted captive-portal-authentication
Once a UNP profile is created with the Captive Portal authentication flag disabled, then the profile must
be mapped to a VLAN ID. Users classified into the profile are dynamically assigned to the associated
VLAN ID. To assign a VLAN ID to a profile, use the unp profile map vlan command. For example:
-> unp profile UNP-guest map vlan 100
-> unp profile UNP-restricted map vlan 455
Configuring Redirection with Dynamic URLs
The redirect server and the URL returned by the server are used to present guest users with different web
pages depending on what state of authentication they are in. HTTP traffic from the user is redirected
towards the URL returned by the server. Use the unp redirect-server command to specify the IP address
of the redirect server, which should match the IP address in the returned URL. For example:
-> unp redirect-server ip-address 192.168.1.244
If the OmniSwitch redirect server IP address does not match the redirect IP address in the UPAM or
CPPM server configuration, HTTP traffic is not redirected to the URL.
To allow the user device to access other servers (such as a remediation server), use the unp redirect
allowed-name command. For example:
-> unp redirect allowed-name server2 ip-address 10.0.0.20 ip-mask 255.0.0.0
Configuring a Custom Redirect Policy
When UPAM or CPPM returns a UNP with a redirect URL VSA but without an Alcatel-Access-Policy-
List VSA, the OmniSwitch applies a built-in QoS policy list to the user. The built-in list allows DNS,
ICMP, ARP, DHCP, and redirects Web traffic to the configured redirect UPAM or CPPM server.
However, the administrator may want to apply a custom QoS redirect policy list that will override the
built-in policy.
To override the built-in list policy list with a custom policy list for BYOD redirection:
• Create a custom redirect policy list on the OmniSwitch. Make sure the list rules contain the following
required items:
– A QoS service group named “alaRestrictedHttpSG”.
– A redirect module policy action with the byod option.
• Configure UPAM or CPPM to return the OmniSwitch list name in the Alcatel-Access-Policy-List
VSA. The policy list name in the VSA must match the name of the custom redirect policy list.
The following is an example of a custom QoS redirect policy list:
To Next Page
Loading...
