Table of Contents
Advertisement
UNP Overview
applied based on the outcome of authentication. See
page 27-13
for more information.
•
QoS policy list name. Specifies the name of an existing list of QoS policy rules. The rules within the
list are applied to all members of the profile group to enforce access to network resources. Only one
policy list is allowed per profile, but multiple profiles may use the same policy list. See
QoS Policy Lists" on page 27-37
An administrator can implement the same UNP name across the entire network infrastructure, as the
VLAN association is kept locally on each switch. For example, the administrator can deploy the UNP
named "Engineering" in one building using VLAN 10, while the same UNP deployed in another building
can use VLAN 20. The same UNP access controls are applied to all profile devices in each building, even
though they belong to different VLANs.
Dynamic VLAN Profiles
UNP functionality provides the ability to dynamically create VLAN classification profiles based on very
specific traffic conditions. A UNP profile is dynamically created when the trust VLAN tag option is
enabled on the UNP port or link aggregate and one of the following conditions occurs:
•
A tagged packet received on the UNP port contains a VLAN tag that matches an existing MVRP
VLAN in the switch configuration that is not assigned to a profile.
•
There is no matching VLAN in the switch configuration.
Dynamic profiles are saved in the switch configuration, and profile attributes are configurable in the same
manner as manually created profiles.
Service Profiles
UNP service classification profiles are manually created by the administrator. Dynamic configuration of
service profiles is not supported. In addition, service profiles are not supported in an MCLAG configura-
tion at this time.
A UNP service classification profile consists of the following attributes:
•
UNP name. The UNP name is obtained from the RADIUS server and mapped to the same profile
name configured on the switch. If authentication is not used or fails, other classification methods can
provide the UNP name.
•
Tag value. A VLAN tag value that UNP uses to determine the SPB service access point (SAP) to
which classified traffic is mapped. If this value is set to zero, the VLAN tags of the classified traffic are
used to determine the SAP assignment.
•
I-SID number. A service instance identifier that is used to identify an SPB service in a provider back-
bone bridge (PBB) network. The specified I-SID is bound to the SPB BVLAN for the profile.
•
Backbone VLAN. The SPB BVLAN on which classified profile traffic is forwarded. The BVLAN ID
specified must already exist in the switch configuration.
•
Classification Rules. A UNP can specify classification rules that are used to assign devices to a profile
based on the source MAC address, source IP address, or VLAN tag of device packets. UNP rules are
applied based on the outcome of authentication. See
page 27-13
for more information.
•
QoS policy list name. Specifies the name of an existing list of QoS policy rules. The rules within the
list are applied to all members of the profile group to enforce access to network resources. Only one
page 27-10
"Device Authentication and Classification" on
for more information.
"Device Authentication and Classification" on
OmniSwitch AOS Release 7 Network Configuration Guide
Configuring Universal Network Profiles
"Configuring
June 2013
- Quick Links:
- Configuring Vlans
Hide quick links:
Advertisement
Table of Contents
