Configuring Universal Network Profiles UNP Application Example
OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 27-43
Configure UNP Port Parameters
1 Enable UNP on the ports to which customer devices, employee devices, or virtualized servers are
connected. If UNP is not enabled on a port, UNP device classification is not applied to device traffic
received on that port.
-> unp port 1/1 enable
-> unp port 1/10 enable
-> unp port 1/20 enable
If port numbers are contiguous, specify a range of ports.
-> unp port 1/1-10
2 Enable MAC authentication on the UNP ports using the unp mac-authentication command. If authen-
tication is not enabled, the MAC of the device connected to the port is not sent to the RADIUS server for
authentication.
-> unp port 1/1-10 mac-authentication enable
3 Configure an alternate UNP, if necessary, using the unp mac-authentication pass-alternate
command. This UNP is applied to device traffic when authentication is successful but the RADIUS server
did not return a UNP name.
-> unp port 1/1-10
4 Enable classification on the UNP ports using the unp classification command. If classification is not
enabled, UNP will not apply profile rules to classify traffic.
-> unp port 1/1-10 classification enable
5 Configure a default UNP, if necessary, using the unp default-vlan-profile command. This UNP is
applied when all other options fail to classify the device.
-> unp port 1/1-10 default-unp def_unp
6 Configure the UNP port to trust the VLAN tag of a device packet, if necessary, using the unp port
trust-tag command. This allows UNP to assign a device to a switch VLAN that matches the VLAN tag
contained in packets received from the device. This type of assignment is done when all other options fail
to classify the device.
-> unp port 1/1 trust-tag enable
Untagged packets are assigned to the default UNP for the port, if a default UNP
is configured.
Configure Global UNP Parameters
1 Enable dynamic VLAN configuration, if necessary, using the unp dynamic-vlan-configuration
command. When this functionality is enabled and the VLAN associated with a UNP does not exist in the
switch configuration, the VLAN is dynamically created when the UNP is applied to any device.
-> unp dynamic-vlan-configuration enable
2 Specify a UNP to apply to device traffic when the authentication server is down using the unp auth-
server-down-unp command. An authentication server down timer is initiated for the device when the
device is assigned to the VLAN associated with this UNP.
-> unp auth-server-down-unp temp_unp
To Next Page
Loading...
Need help?
General