Configuring Unp Port-Based Access Control - OmniSwitch os6900 Network Configuration Manual

Configuring UNP Port-Based Access Control

•
Enable or disable trust VLAN tag. Specifies whether or not the VLAN ID in the device packet is
trusted. When enabled, packets carrying a VLAN ID tag that matches a VLAN configured on the
switch are dynamically assigned to that VLAN. See
page 27-31.
Configuring UNP Port-Based Access Control
To provide UNP port-based network access control, MAC authentication must be enabled for the switch
and the switch must know which RADIUS server to use for authenticating devices. In addition, UNP must
be enabled on each port to make the traffic received on that port eligible for UNP device authentication
and classification.
The following sections provide more information about these procedures.
Enabling MAC Authentication
Use the aaa device-classification mac command to enable MAC authentication for the switch and spec-
ify an authentication server (or servers) to be used for authenticating non-supplicants on UNP ports. The
servers specified with this command must already be configured through the
The following example command specifies authentication servers for authenticating non-supplicant
devices on 802.1x ports:
-> aaa device-authentication mac rad1 rad2
For more information about using MAC authentication and classifying non-supplicant devices, see
"Device Authentication and Classification" on page 27-13
page 27-27.
Enabling UNP on Ports
By default, UNP is disabled on all switch ports. To enable UNP on a port, use the
-> unp port 3/1 enable
-> unp port 4/1-10 enable
The above unp port commands enable UNP on port 1 of slot 3 and on ports 1-10 on slot 4.
To disable UNP on a port, use the disable option with unp port command.
Note. Disabling UNP on a port clears the UNP configuration for that port.
-> unp port 3/1 disable
-> unp port 4/1-10 disable
Configuring the Port Type
UNP is used to classify device traffic into either the VLAN domain or the Shortest Path Bridging (SPB)
service domain on the switch. The UNP port type determines which domain to which traffic received on
the port is classified. There are two UNP port type options: bridge (VLAN domain) and access (service
domain).
page 27-28
"Configuring the Trust VLAN Tag Status" on
and "UNP Configuration Overview" on
OmniSwitch AOS Release 7 Network Configuration Guide
Configuring Universal Network Profiles
aaa radius-server
unp port command.
command.
June 2013