Configuring Access Guardian Bring Your Own Devices (BYOD) Overview
OmniSwitch AOS Release 8 Network Configuration Guide December 2017 page 28-125
-> policy service http80 destination tcp-port 80
-> policy service http8080 destination tcp-port 8080
-> policy service https443 destination tcp-port 443
-> policy service group alaRestrictedHttpSG http80 http8080 https443
-> policy port group pg1 1/1/1-20
-> policy condition byod service group alaRestrictedHttpSG
-> policy condition cppm source port group pg1 destination ip 135.254.163.143
-> policy action byod_action redirect module BYOD
-> policy action cppm
-> policy rule byod_rule condition byod action byod_action no default-list
-> policy rule cppm condition cppm action cppm no default-list
-> policy list reg_policy_list type unp
-> policy list reg_policy_list rules byod_rule cppm
-> qos apply
In this example, the custom QoS redirect policy list named “reg_policy_list” is created with the required
items. To allow this custom policy list to override the built-in policy, the UPAM or
CPPM is configured to return the “reg_policy_list” list name in the Alcatel-Access-Policy-List VSA.
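The list name is configured in two places, on the switch and on the UPAM or CPPM server, so it is worth checking before deployment that the returned name resolves to a list defined on the switch. The following Python script is an added example, not part of the guide: it parses the policy commands shown above and reports whether a given Alcatel-Access-Policy-List value names a defined "type unp" list whose rules, conditions and actions all exist. The function names and the mistyped test value are illustrative assumptions.

```python
# Constructed sample (added example): policy commands from the page, prompt removed.
SAMPLE_CONFIG = """\
policy service group alaRestrictedHttpSG http80 http8080 https443
policy port group pg1 1/1/1-20
policy condition byod service group alaRestrictedHttpSG
policy condition cppm source port group pg1 destination ip 135.254.163.143
policy action byod_action redirect module BYOD
policy action cppm
policy rule byod_rule condition byod action byod_action no default-list
policy rule cppm condition cppm action cppm no default-list
policy list reg_policy_list type unp
policy list reg_policy_list rules byod_rule cppm
"""

def parse_policy(config):
    """Hypothetical helper: index the conditions, actions, rules and lists defined."""
    m = {"condition": set(), "action": set(), "rule": {}, "list": {}}
    for line in config.splitlines():
        tok = line.strip().removeprefix("->").split()  # tolerate a pasted CLI prompt
        if len(tok) < 3 or tok[0] != "policy":
            continue
        kind, name, rest = tok[1], tok[2], tok[3:]
        if kind in ("condition", "action"):
            m[kind].add(name)
        elif kind == "rule" and "condition" in rest and "action" in rest:
            m["rule"][name] = (rest[rest.index("condition") + 1],
                               rest[rest.index("action") + 1])
        elif kind == "list":
            entry = m["list"].setdefault(name, {"type": None, "rules": []})
            if rest[:1] == ["type"] and len(rest) > 1:
                entry["type"] = rest[1]
            elif rest[:1] == ["rules"]:
                entry["rules"] += rest[1:]
    return m

def check_vsa_list(config, vsa_name):
    """Hypothetical helper: problems with the name sent in Alcatel-Access-Policy-List."""
    m = parse_policy(config)
    entry = m["list"].get(vsa_name)
    if entry is None or entry["type"] != "unp":
        return [f"no 'type unp' policy list named {vsa_name}"]
    problems = []
    for rule in entry["rules"]:
        cond, act = m["rule"].get(rule, (None, None))
        if rule not in m["rule"]:
            problems.append(f"{vsa_name}: rule {rule} is not defined")
        elif cond not in m["condition"] or act not in m["action"]:
            problems.append(f"{rule}: condition or action is not defined")
    return problems
```

An empty list from check_vsa_list means the name and every object it depends on were found in the supplied configuration text; it does not query the switch or the RADIUS server.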
Configuring UNP Port Authentication
UNP functionality and authentication settings must be enabled on the switch ports for the authentication
process to begin. Use the unp configuration commands to enable UNP functionality on a port and specify
the type of authentication to apply to traffic received on that port. For example:
-> unp port 1/1/4 port-type bridge
-> unp port 1/1/4 802.1x-authentication
-> unp port 1/1/4 mac-authentication
-> unp port 1/1/4 802.1x-authentication failure-policy mac
In this example, both 802.1X and MAC authentication are enabled on UNP port 1/1/4. In addition, an
802.1X authentication failure policy is configured for the port to direct the switch to attempt MAC
authentication after a device on port 1/1/4 fails 802.1X authentication. This is particularly helpful when
a guest device with built-in 802.1X credentials fails the initial 802.1X authentication process.
Configuring Port Bounce
Port bouncing is used to force a re-authentication for non-supplicant devices. By default, the port bounce
action is enabled on all ports. Use the unp redirect port-bounce command to change the port bounce
status. For example:
-> unp port 1/1/4 redirect port-bounce
If a port is not specified with the unp redirect port-bounce command, the status is changed on a global
basis for all UNP ports. For example:
-> unp redirect port-bounce enable
The port-level setting overrides the global setting for the port bounce operation.
Configuring the Pause Timer
The pause timer specifies an amount of time during which traffic from non-supplicant devices is filtered.
By default, the pause time is set to zero. Use the unp redirect pause-timer command to set the pause
timer value, in seconds. For example:
-> unp redirect pause-timer 120