Table of Contents
Advertisement
Configuring Access Guardian
•
When traffic is received from devices connected to ports 1/15-20, the switch determines if there are
any classification rules associated with domain 2 and applies that rule to the traffic. Because UNP ports
1/15-20 belong to domain 2, the MAC address range rule is applied to traffic received on those ports.
•
The source MAC address of device traffic received on ports 1/15-20 is examined to see if it falls within
the range of addresses defined in the MAC address range rule. If the source MAC address of the device
does fall within the specified range, the device is then assigned to the "CustA" profile.
•
Network access control attributes configured for the "CustA" profile are then applied to device traffic
assigned to that profile.
Configuring Layer 2 Profiles for UNP Access Ports
A Layer 2 profile determines how control frames received on a UNP access port are processed. When a
port is configured as a UNP access port, a default Layer 2 profile (unp-def-access-profile) is applied to
the port with the following default values for processing control frames:
Protocol
STP
802.1x
802.3ad
802.1ab
GVRP
MVRP
AMAP
If the default profile values are not sufficient, use the
and peer options to create a new profile. For example, the following command creates a profile named
"DropL2":
-> service l2profile DropL2 stp drop gvrp drop 802.1ab drop
Consider the following when configuring Layer 2 profiles:
•
Not all of the control protocols are currently supported with the peer, tunnel, and drop parameters.
Use the following table to determine the parameter combinations that are supported:
Protocol
STP
802.1x
802.1ab
802.3ad
GVRP
MVRP
AMAP
•
When a profile is created, the new profile inherits the default profile settings for processing control
frames. The default settings are applied with the new profile unless they are explicitly changed. For
OmniSwitch AOS Release 8 Network Configuration Guide
Default
tunnel
peer
peer
drop
tunnel
tunnel
drop
Reserved MAC
01-80-C2-00-00-00
01-80-C2-00-00-03
01-80-C2-00-00-0E
01-80-C2-00-00-02
01-80-C2-00-00-21
01-80-C2-00-00-21
00-20-DA-00-70-04
Configuring Port-Based Network Access Control
service l2profile
command with the tunnel, drop,
peer
discard
no
yes
yes
yes
yes
yes
yes
no
no
yes
no
yes
yes
yes
December 2017
tunnel
yes
yes
yes
no
yes
yes
no
page 28-49
- Quick Links:
- Ethernet Port Defaults
Hide quick links:
Advertisement
Table of Contents
