Configuring Access Guardian Access Guardian Overview
OmniSwitch AOS Release 8 Network Configuration Guide December 2017 page 28-22
• If a port is configured as a UNP bridge port, then traffic received on that port is only classified using 
VLAN profiles. 
• If a port is configured as a UNP access port, then traffic received on that port is only classified using 
service profiles.
The port type determines whether device traffic received on that port is classified into the VLAN 
domain or the service domain.
When a UNP bridge port is dynamically assigned to a VLAN, a VLAN port association (VPA) is created 
and tracked by VLAN management software on each switch. Because the UNP configuration is applied to 
each device connected to, or forwarded through, a UNP port, the UNP port can associate with more than one 
VLAN.
UNP access ports are not dynamically assigned to VLANs. Instead, traffic received on the port is 
classified to a Service Access Point (SAP). A SAP is a virtual port that maps classified device traffic to a 
service. 
UNP Port Attributes
In addition to the UNP port type, there are configurable UNP port-level attributes that determine the 
following for devices connected to a UNP port or link aggregate:
• The type of device authentication (802.1X and/or MAC) attempted, if any. 
• Whether device classification is enabled to move devices into profiles based on the outcome of the 
device authentication process, for example when authentication is not enabled or fails to determine the 
profile assignment for the device.
• Whether devices that do not receive a UNP profile assignment through the authentication or 
classification process are assigned to a default profile associated with the UNP port.
• Whether device traffic is segregated into logical groups based on the domain ID assigned to the UNP port.
• Whether a port bounce is performed on a UNP bridge port that interacts with the Unified Policy Access 
Manager (UPAM) or the ClearPass Policy Manager (CPPM) as part of the OmniSwitch Bring Your 
Own Devices (BYOD) solution.
UNP port-level attributes are different from UNP profile-level attributes as follows: 
• Port-level attributes define the UNP functionality that is applied to device traffic to help determine the 
UNP profile assignment for the device.
• Profile-level attributes define the UNP functionality that is applied once a device is assigned to a 
profile. Profile attributes determine the level of access to network resources for devices assigned to the 
profile and whether devices are redirected to a UPAM server or a CPPM server for authentication and 
classification.
For more information about UNP port attributes, see “Configuring UNP Port-Based Functionality” on 
page 28-38.
UNP Port Domains
A UNP port domain is a configurable port-level attribute that provides an additional method for 
segregating device traffic. A domain is identified by a numerical ID, which can be assigned to UNP ports 
and profile classification rules. By default, all UNP ports (bridge and access) and profile rules are assigned 
to domain 0.
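The assignment order implied by the port type, the port-level attributes and the port domain described above, as an added Python model (not code from this guide or from AOS). The class and function names are hypothetical; matching rules by MAC prefix, applying a rule only to ports in the same domain, and the "unassigned" outcome are assumptions made for the example.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Profile:
    name: str
    kind: str                      # "vlan" or "service"

@dataclass(frozen=True)
class Rule:                        # simplified classification rule (assumption)
    mac_prefix: str
    profile: Profile
    domain: int = 0                # rules default to domain 0

@dataclass
class UnpPort:
    port_type: str                 # "bridge" or "access"
    auth_enabled: bool = False     # 802.1X and/or MAC authentication
    classification: bool = False
    default_profile: Optional[Profile] = None
    domain: int = 0                # ports default to domain 0

    def accepts(self, profile: Optional[Profile]) -> bool:
        # Bridge ports use only VLAN profiles, access ports only service profiles.
        wanted = "vlan" if self.port_type == "bridge" else "service"
        return profile is not None and profile.kind == wanted

def assign(port, mac, auth_profile, rules):
    """Return (profile name, source) for a device seen on a UNP port.
    auth_profile is the profile returned by authentication, or None."""
    if port.auth_enabled and port.accepts(auth_profile):
        return auth_profile.name, "authentication"
    if port.classification:
        for rule in rules:
            # Assumption: a rule applies only to ports in the same domain.
            if (rule.domain == port.domain and mac.startswith(rule.mac_prefix)
                    and port.accepts(rule.profile)):
                return rule.profile.name, "classification"
    if port.accepts(port.default_profile):
        return port.default_profile.name, "default"
    return None, "unassigned"      # outcome not described on this page

# Constructed sample data.
EMPLOYEE = Profile("employee", "vlan")
PRINTERS = Profile("printers", "vlan")
GUEST = Profile("guest", "vlan")
RULES = [Rule("00:11:22", PRINTERS, domain=1)]
```

On a port with a default profile, a device that fails authentication and matches no rule still receives that profile's access, so the default profile is the first thing to review on each UNP port.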