Quick Steps For Configuring Access Guardian - Alcatel-Lucent OmniSwitch 6850-48 Network Configuration Manual
Software release 6
Hide thumbs
Also See for OmniSwitch 6850-48:
- Cli reference manual (3706 pages) ,
- Management manual (312 pages) ,
- Hardware user's manual (188 pages)
Table of Contents
Advertisement
Configuring Access Guardian
Quick Steps for Configuring Access Guardian
When 802.1x is enabled for a switch port, default Access Guardian device classification policies are
applied to all devices connected to the port. As a result, it is only necessary to configure such policies if
the default policy is not sufficient for network access control. Therefore, the following quick steps are
optional but provide a brief tutorial for configuring Access Guardian policies:
1
To configure an Access Guardian policy that will authenticate and classify 802.1x users (supplicants),
use the
802.1x supplicant policy authentication
-> 802.1x 2/12 supplicant policy authentication pass group-mobility default-vlan
fail vlan 10 captive-portal
2
To configure an Access Guardian policy that will authenticate and classify non-802.1x users (non-
supplicants), use the
-> 802.1x 2/12 non-supplicant policy authentication pass group-mobility default-
vlan fail vlan 10 captive-portal
3
To configure an Access Guardian Captive Portal policy that will classify web-based clients, use the
802.1x captive-portal policy authentication
Captive Portal option of a supplicant or non-supplicant policy is applied.
-> 802.1x 2/12 captive-portal policy authentication pass vlan 100 block fail
vlan 10
4
To configure the length of a Captive Portal session, use the
command.
-> 802.1x 3/1 captive-portal session-limit 8
5
To configure the number of Captive Portal login attempts allowed before a device is classified as a
failed login, use the
802.1x captive-portal retry-count
-> 802.1x 3/1 captive-portal retry-count 5
6
To bypass authentication and restrict device classification of non-802.1x users to VLANs that are not
authenticated VLANs, use the
-> 802.1x 3/10 non-supplicant policy vlan 43 block
7
To set the Access Guardian policy back to the default classification policy for an 802.1x port, use the
802.1x policy default
-> 802.1x 3/10 policy default
Note. Verify the Access Guardian configuration using the
command:
-> show 802.1x device classification policies
Device classification policies on 802.1x port 2/26
Supplicant:
authentication:
pass: group-mobility, default-vlan (default)
fail: block (default)
Non-Supplicant:
block (default)
OmniSwitch AOS Release 6 Network Configuration Guide
802.1x non-supplicant policy authentication
802.1x non-supplicant policy
command.
Quick Steps for Configuring Access Guardian
command.
command.
command. Note that this policy is triggered only when the
802.1x captive-portal session-limit
command.
command.
show 802.1x device classification policies
September 2009
page 34-5
Hide quick links:
Advertisement
Table of Contents
