Configuring Access Guardian Configuring Port-Based Network Access Control
OmniSwitch AOS Release 8 Network Configuration Guide December 2017 page 28-58
SAA profile is first created and then assigned to a UNP VLAN-based profile; UNP service-based profiles 
do not support this functionality. 
To configure an SAA profile, use the unp saa-profile command. For example, the following command 
creates an SAA profile named “unp_saa1” and defines both jitter and latency threshold values for the 
profile:
-> unp saa-profile unp_saa1 jitter-threshold 100 latency-threshold 500
To assign an SAA profile to a UNP VLAN profile, use the unp profile saa-profile command with the 
saa-profile parameter. For example, the following command assigns SAA profile “unp_saa1” to VLAN 
profile “unp1”:
-> unp profile unp1 saa-profile unp_saa1
Mapping Service Parameters to a UNP Profile
There are two types of service-based mappings supported: Shortest Path Bridging (SPB) and Virtual 
eXtensible LAN (VXLAN). The required elements of an SPB service mapping are as follows:
• The name of an existing UNP profile
• VLAN tag value
• Service instance ID (I-SID)
• Backbone VLAN (BVLAN) ID
The required elements of a VXLAN service mapping are as follows:
• The name of an existing UNP profile
• VLAN tag value
• VXLAN Network ID (VNID)
• A list of far-end IP addresses and/or a multicast group IP address to identify the VXLAN Tunnel End 
Points (VTEPs) for traffic classified into this profile.
When a device is dynamically assigned to an SPB or VXLAN service profile, a dynamic process is 
triggered to create an SPB or VXLAN Service Access Point (SAP) based on the service parameters 
specified in the profile mapping. Traffic from the device is then forwarded on the dynamically created 
SAP.
A SAP consists of the UNP access port on which device traffic is received, a VLAN tag value for the 
SAP encapsulation, and a service instance (SPB I-SID or VXLAN Network ID). The encapsulation 
identifies which traffic received on the UNP access port the SAP forwards on the service instance 
associated with the SAP.
Consider the following when configuring an SPB or VXLAN service mapping for a UNP profile:
• Configuring a new service mapping for a profile will overwrite the existing service mapping for that 
profile. Any change to the mapping configuration of the profile will flush all MAC addresses learned 
on that profile.
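A pre-change check for the rules above, written as an added example (not code from this guide or from the switch software): it verifies that each planned SPB or VXLAN mapping carries its required elements and marks the changes that overwrite an existing mapping and therefore flush learned MAC addresses. The dictionary schema, function names and sample values are assumptions; numeric limits are protocol field widths, not the ranges the switch accepts.

```python
import ipaddress
# Field-width bounds only (12-bit VLAN ID, 24-bit I-SID/VNID); the switch may accept less.
BITS = {"tag": 12, "bvlan": 12, "isid": 24, "vnid": 24}
REQUIRED = {"spb": ("profile", "tag", "isid", "bvlan"),
            "vxlan": ("profile", "tag", "vnid")}

def _ip_ok(text, multicast):
    try:
        return ipaddress.ip_address(text).is_multicast == multicast
    except ValueError:
        return False

def check_mapping(m, profiles):
    """Return the problems found in one planned mapping (hypothetical dict schema)."""
    need = REQUIRED.get(m.get("type"))
    if need is None:
        return ["unknown service type"]
    errs = [f"missing {k}" for k in need if m.get(k) is None]
    if m.get("profile") is not None and m["profile"] not in profiles:
        errs.append("UNP profile does not exist")
    errs += [f"{k} out of range" for k, bits in BITS.items() if m.get(k) is not None
             and not (isinstance(m[k], int) and 0 <= m[k] < 2 ** bits)]
    if m["type"] == "vxlan":
        far_end, group = m.get("far_end") or [], m.get("mcast")
        if not far_end and not group:
            errs.append("no far-end IP list or multicast group")
        errs += [f"bad far-end IP {ip}" for ip in far_end if not _ip_ok(ip, False)]
        if group and not _ip_ok(group, True):
            errs.append(f"bad multicast group {group}")
    return errs

def review_plan(plan, current):
    """current maps profile -> existing mapping or None. Returns (profile, errors,
    flushes_macs); remapping a profile overwrites it and flushes its learned MACs."""
    state, report = dict(current), []
    for m in plan:
        errs, prof = check_mapping(m, state), m.get("profile")
        flush = not errs and state.get(prof) is not None
        report.append((prof, errs, flush))
        if not errs:
            state[prof] = m
    return report

# Constructed sample data: profile names and values are illustrative.
CURRENT = {"unp1": {"type": "spb", "tag": 10, "isid": 1500, "bvlan": 4001}, "unp2": None}
PLAN = [{"type": "spb", "profile": "unp1", "tag": 10, "isid": 1600, "bvlan": 4001},
        {"type": "vxlan", "profile": "unp2", "tag": 20, "vnid": 23000, "mcast": "10.9.9.9"},
        {"type": "spb", "profile": "unp3", "tag": 30, "isid": 1700}]
REPORT = review_plan(PLAN, CURRENT)
```

Each tuple in `REPORT` gives the profile, the problems found, and whether applying the mapping would flush the MAC addresses learned on that profile.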
Note. Although SAA profiles can be configured and assigned to a UNP through the CLI, these profiles are 
mainly used by the OmniVista network management application to monitor connections between virtual 
machines (VMs) in a data center network.