Configuring UNP Port-Based Access Control Configuring Universal Network Profiles
page 27-30 OmniSwitch AOS Release 7 Network Configuration Guide June 2013
Configuring an Alternate Pass UNP
When MAC authentication is enabled for the UNP port, it is also possible to specify an alternate UNP that
is applied when MAC authentication passes but the RADIUS server does not return a UNP name. The
UNP port type (bridge or access) determines the type of alternate profile (VLAN or service) to specify
The unp mac-authentication pass-alternate command is used to specify an alternate UNP. For example,
the following command configures VLAN profile “vlan10_pass” as the alternate UNP for bridge port 1/
10:
-> unp port 1/10 mac-authentication pass-alternate vlan-profile vlan10_pass
The following command example configures service profile “service1_pass” as the alternate UNP for
access port 1/15:
-> unp port 1/15 mac-authentication pass-alternate spb-profile service1_unp
The UNP name specified with this command must already exist in the switch configuration. If an alternate
pass UNP is not configured for the port, then other classification methods configured for the port are
applied.
For more information about configuring VLAN and service profiles, see “Configuring Profiles” on
page 27-33.
Enabling Classification
By default, when UNP is enabled on the port, classification is disabled. This means that no UNP classifi-
cation rules are applied to device traffic received on that port. Instead, other classification parameters
configured for the port are applied.
If classification is enabled on the UNP port, all classification rules configured for any UNP in the switch
configuration are applied to traffic received on the port when one of the following occurs:
• MAC authentication is not enabled on the port.
• MAC authentication is enabled but the RADIUS server information is not configured for the switch.
• MAC authentication fails.
To enable classification for the UNP port, use the unp classification command with the enable option.
-> unp port 1/10 classification enable
To disable classification, use the unp port classification command with the disable option.
-> unp port 1/15-20 classification disable
If a device does not match any UNP classification rules, then the switch checks to see if one of the follow-
ing classification methods are available to apply to the device:
• A default UNP is configured for the port. See “Configuring a Default UNP” on page 27-31.
• The trust VLAN tag function is enabled for the port. See “Configuring the Trust VLAN Tag Status” on
page 27-31.
To Next Page
Loading...
Need help?
General