Alcatel-Lucent OmniSwitch 9900 Series Network Configuration Manual page 784

OmniSwitch AOS Release 8

Configuring Access Guardian
-> unp classification lldp med-endpoint access-point profile1 defaultWLANProfile
Note. An LLDP MED Endpoint AP rule is implicitly created and assigned to "defaultWLANProfile" (a
built-in UNP profile on the switch) when the switch boots up. This facilitates the automatic discovery and
management of OmniAccess Stellar APs that are connected to the switch.
Configuring Binding Rules for UNP Profiles
A binding rule defines a combination of one or more individual rules, all of which a device has to match.
The following binding rule combinations are configurable and are listed in the order of precedence:
1. Port + MAC address + IP address
2. Port + MAC address
3. Port + IP address
4. Domain ID + MAC address + IP address
The precedence order of binding rules is used to determine precedence among only binding classification
rules. However, all binding rules take precedence over all individual rules. So if a device matches both an
individual rule and a binding rule, the device is classified into the profile associated with the binding rule.
The same commands used to configure individual classification rules are also used to configure binding
rule combinations. For example, the unp classification mac-address command is used in the following
example to configure a binding rule that combines a MAC address rule, an IP address rule, and a port rule:
-> unp classification mac-address 00:11:22:33:44:55 ip-address 10.0.0.20 mask
255.255.0.0 port 1/1/1 profile1 serverA
If the source MAC address, source IP address, and port of a device match the MAC address, IP address,
and port defined in the example binding rule, then the device is classified into the "serverA" profile and
assigned to the VLAN associated with that profile.
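
The precedence described in this section can be modeled offline to check which profile a device would receive before rules are pushed to a switch. The following Python is an added example, not part of the guide and not AOS code; the dictionary rule format, the "guest" profile, and breaking ties between equal-rank rules by configuration order are assumptions made for illustration.

```python
import ipaddress

# Binding combinations in the order of precedence listed above (lower wins).
BINDING_RANK = {
    frozenset({"port", "mac", "ip"}): 1,
    frozenset({"port", "mac"}): 2,
    frozenset({"port", "ip"}): 3,
    frozenset({"domain", "mac", "ip"}): 4,
}
INDIVIDUAL_RANK = 5  # every individual rule ranks below every binding rule

def rank(rule):
    """Return the precedence tier of a rule from the criteria it sets."""
    keys = frozenset(k for k in rule if k != "profile")
    if len(keys) == 1:
        return INDIVIDUAL_RANK
    if keys not in BINDING_RANK:
        raise ValueError(f"not a configurable binding combination: {sorted(keys)}")
    return BINDING_RANK[keys]

def criterion_ok(key, want, dev):
    """Check one criterion of a rule against a device."""
    if key == "ip":  # (address, mask) pair, as in 'ip-address ... mask ...'
        net = ipaddress.ip_network(f"{want[0]}/{want[1]}", strict=False)
        return ipaddress.ip_address(dev["ip"]) in net
    if key == "mac":
        return dev["mac"].lower() == want.lower()
    return dev.get(key) == want

def matches(rule, dev):
    """A device must match every criterion the rule sets."""
    return all(criterion_ok(k, v, dev) for k, v in rule.items() if k != "profile")

def classify(rules, dev):
    """Return the profile of the highest-precedence matching rule, or None."""
    hits = [r for r in rules if matches(r, dev)]
    # min() keeps the first of equal-rank hits: config order breaks ties (assumption).
    return min(hits, key=rank)["profile"] if hits else None

# Constructed sample: the serverA binding rule from the text plus a
# hypothetical individual MAC rule that points at a different profile.
RULES = [
    {"mac": "00:11:22:33:44:55", "profile": "guest"},
    {"mac": "00:11:22:33:44:55", "ip": ("10.0.0.20", "255.255.0.0"),
     "port": "1/1/1", "profile": "serverA"},
]
DEVICE = {"mac": "00:11:22:33:44:55", "ip": "10.0.7.9", "port": "1/1/1"}
```

With these sample rules, classify(RULES, DEVICE) returns "serverA"; the same MAC address seen on any other port matches only the individual rule and falls back to "guest".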
Configuring Extended Classification Rules for UNP Profiles
An extended classification rule defines a list of individual rules and assigns the list a name and a
precedence value. A device must match all of the rules specified in the extended rule list.
The unp classification-rule command is used to create an extended rule and set the precedence value for
the rule. The following commands are used to define classification rules and assign the rules to the
extended rule name:

Precedence Step/Rule              Command
1. Port                           unp classification-rule port
2. Domain ID                      unp classification-rule domain
3. MAC address                    unp classification-rule mac-address
4. MAC OUI                        unp classification-rule mac-oui
5. MAC address range              unp classification-rule mac-range
6. LLDP Media Endpoint Devices    unp classification-rule lldp med-endpoint
7. Authentication Type            unp classification-rule authentication-type
8. IP address                     unp classification-rule ip-address
9. VLAN tag                       unp classification-rule vlan-tag

Configuring Port-Based Network Access Control
OmniSwitch AOS Release 8 Network Configuration Guide, December 2017, page 28-67
