Alcatel-Lucent OmniSwitch 6850-48 Network Configuration Manual page 740

Software release 6
Access Guardian Overview
• Use Group Mobility to dynamically assign a device to a VLAN or apply a UNP. VLAN rules and UNP
  mobile rules are used by Group Mobility to classify user devices.
• Perform a Host Integrity Check (HIC) to determine if the end user device is compliant with network
  access requirements. For example, is the device using a specific version of anti-virus software? HIC is
  enabled or disabled through a User Network Profile.
• Apply a list of QoS policy rules to end user device traffic. A QoS policy list is associated with a UNP
  and applied to all devices that are associated with that profile.
• Do not perform any type of authentication on the device; only apply classification policies to
  determine what the end user can access on the network.
• Redirect the end user device to a Web-based login page for authentication.
• Block the device from accessing the network.
Device Classification Policy Types
There are four types of Access Guardian device classification policies: 802.1X authentication
(supplicants), MAC-based authentication (non-supplicants), Captive Portal authentication (supplicant and
non-supplicant), and non-supplicant (no authentication). These policies provide the following configurable
policy options for classifying devices:
1. Captive Portal—redirects the user device to a Web-based login screen and requires the user to enter
   credentials to gain network access. This option is used only with the 802.1X, MAC, or Non-supplicant
   policies. The Captive Portal policy is applied after Web-based authentication is attempted, so this
   option is not valid for Captive Portal policies. See "Configuring the Captive Portal Policy" on page
   34-18.
2. Group Mobility—uses Group Mobility VLAN rules and User Network Profile (UNP) mobile rules to
   determine the VLAN assignment for a device. UNP rules apply a profile to any device that matches the
   UNP rule criteria. Note that UNP mobile rules take precedence over VLAN rules. See "What are UNP
   Mobile Rules?" on page
3. VLAN ID—assigns the device to the specified VLAN.
4. Default VLAN—assigns a device to the default VLAN for the 802.1x port.
5. User Network Profile (UNP)—applies a pre-configured profile to a user device. The profile specifies
   a required VLAN ID, the optional Host Integrity Check (HIC) status, and an optional QoS policy list
   name. See "User Network Profiles (Role-Based Access)" on page
6. Block—blocks a device from accessing the 802.1x port.

It is possible to configure one or more of the above options for a single policy. The order in which the
policy options are applied to a device is determined by the order in which the option was configured. For
example, if a MAC-based authentication policy is configured to use the Group Mobility and default
VLAN options, then the policy actions are applied in the following sequence:

1. MAC-based authentication is performed.
2. If authentication was successful and provided a VLAN ID, the client is assigned to that VLAN and no
   further policy options are applied.
3. If a VLAN ID was not provided or authentication failed, then Group Mobility applies VLAN rules or
   UNP mobile rules.

page 34-14
OmniSwitch AOS Release 6 Network Configuration Guide
Configuring Access Guardian
34-30.
34-16.
September 2009
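
The evaluation order in steps 1 to 3 of the sequence above, as an added Python model that is not code from the manual or from Alcatel-Lucent. It shows that under the example policy (Group Mobility, then default VLAN) a device that fails MAC authentication is still placed in a VLAN. The option names, the MAC-prefix rule format, the sample data and the final block fallback are assumptions made for this example.

```python
# Added illustration (not Alcatel-Lucent code): a simplified model of the
# ordered policy evaluation in steps 1-3. Option names, the rule format and
# the final "block" fallback are assumptions made for this example.

def group_mobility(mac, rules):
    """Return the VLAN of the first matching rule; UNP mobile rules are
    checked before VLAN rules, as the text states."""
    ordered = sorted(rules, key=lambda r: r["kind"] != "unp")
    for rule in ordered:
        if mac.lower().startswith(rule["mac_prefix"].lower()):
            return rule["vlan"]
    return None

def classify(mac, auth, options, rules, default_vlan):
    """Return (action, vlan, trace) for one device on an 802.1x port.
    auth is {"success": bool, "vlan": int or None}."""
    trace = ["mac-auth"]
    # Step 2: a successful authentication that supplies a VLAN ID is final.
    if auth["success"] and auth["vlan"] is not None:
        return "assign", auth["vlan"], trace
    # Step 3 onward: remaining options run in the order they were configured.
    for opt in options:
        trace.append(opt)
        if opt == "group-mobility":
            vlan = group_mobility(mac, rules)
            if vlan is not None:
                return "assign", vlan, trace
        elif opt == "default-vlan":
            return "assign", default_vlan, trace
        elif opt == "block":
            return "block", None, trace
    return "block", None, trace  # assumption: no option matched, no access

# Constructed sample data.
RULES = [
    {"kind": "vlan", "mac_prefix": "00:11:22", "vlan": 30},
    {"kind": "unp", "mac_prefix": "00:11:22:aa", "vlan": 40},
]
OPTIONS = ["group-mobility", "default-vlan"]  # the page's example policy

if __name__ == "__main__":
    failed = {"success": False, "vlan": None}
    for mac in ("00:11:22:AA:00:01", "00:11:22:bb:00:02", "de:ad:be:ef:00:03"):
        print(mac, classify(mac, failed, OPTIONS, RULES, default_vlan=1))
```

Replacing the last option with "block" in OPTIONS makes an unmatched, unauthenticated device end in the block action instead of the default VLAN.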
