Configuring User Network Profiles; Configuring Qos Policy Lists - Alcatel-Lucent OmniSwitch 6850-48 Network Configuration Manual
Software release 6
Hide thumbs
Also See for OmniSwitch 6850-48:
- Cli reference manual (3706 pages) ,
- Management manual (312 pages) ,
- Hardware user's manual (188 pages)
Table of Contents
Advertisement
Configuring User Network Profiles
Note that enabling the HIC feature for the switch is not allowed if the HIC server information is not
configured. Check to see if the server configuration exists before attempting to enable this feature.
Use the
show aaa hic host
HIC status for each host. The
provide information about the HIC status and configuration for the switch.
For more information about HIC, see
Configuring User Network Profiles
User Network Profiles (UNP) are applied to host devices using Access Guardian device classification poli-
cies. However, configuring the profile name and the following associated attributes is required prior to
assigning the profile using device classification policies:
•
VLAN ID. All members of the profile group are assigned to the VLAN ID specified by the profile.
•
Host Integrity Check (HIC). Enables or disables device integrity verification for all members of the
profile group. See
•
QoS policy list name. Specifies the name of an existing list of QoS policy rules. The rules within the
list are applied to all members of the profile group. Only one policy list is allowed per profile, but
multiple profiles may use the same policy list.
To configure a UNP, use the
creates the "guest_user" profile to assign devices to VLAN 500, enable HIC, and apply the rules from the
"temp_rules" policy list:
-> aaa user-network-profile name guest_user vlan 500 hic enable policy-list-name
temp_rules
To verify the UNP configuration for the switch, use the
more information about user profiles, see
Configuring QoS Policy Lists
One of the attributes of a User Network Profile (UNP) specifies the name of a list of QoS policy rules.
This list is applied to a user device when the device is assigned to the user profile. Using policy lists
allows the administrator to associate a group of users to a set of QoS policy rules.
Configuring the QoS list is required prior to associating the list with a UNP. In addition, the policy rules
must exist before they are assigned to a policy list.
The
policy list
command is used to group a set of QoS policy rules into a list. For example, the following
commands create two policy rules and associates these rules with the "temp_rules" list:
-> policy condition c1 802.1p 5
-> policy action a1 disposition drop
-> policy rule r1 condition c1 action a1
-> policy condition c2 source ip 10.5.5.0
-> policy action a2 disposition accept
-> policy rule r2 condition c2 action a2
-> policy list temp-rules rules r1 r2 enable
-> qos apply
page 34-40
command to see a list of host MAC addresses the switch has learned and the
show aaa
hic,
show aaa hic
"Host Integrity Check (End-User Compliance)" on page
"Host Integrity Check (End-User Compliance)" on page 34-15
aaa user-network-profile
"User Network Profiles (Role-Based Access)" on page
OmniSwitch AOS Release 6 Network Configuration Guide
Configuring Access Guardian
server, and
show aaa hic allowed
command. For example, the following command
show aaa user-network-profile
commands
34-15.
for more information.
command. For
34-16.
September 2009
Hide quick links:
Advertisement
Table of Contents
