Alcatel-Lucent 6850-48 Network Guide
Configuring Access Guardian
Access Guardian Overview
OmniSwitch AOS Release 6 Network Configuration Guide
September 2009
page 34-17
• UNP name. The UNP name is obtained from the RADIUS server and mapped to the same profile
name configured on the switch. The switch profile then identifies three attribute values: VLAN ID,
Host Integrity Check (HIC) status, and a QoS policy list name.
• VLAN ID. All members of the profile group are assigned to the VLAN ID specified by the profile.
• Host Integrity Check (HIC). Enables or disables device integrity verification for all members of the
profile group. See
for more information.
• QoS policy list name. Specifies the name of an existing list of QoS policy rules. The rules within the
list are applied to all members of the profile group to enforce access to network resources. Only one
policy list is allowed per profile, but multiple profiles may use the same policy list. See
for more information.
An administrator can implement the same UNP name across the entire network infrastructure, as the
VLAN association is kept locally on each switch. For example, the administrator can deploy the UNP
named “Engineering” in one building using VLAN 10, while the same UNP deployed in another building
can use VLAN 20. The same UNP access controls are applied to all profile users in each building, even
though they belong to different VLANs.
A UNP is a configurable option of Access Guardian device classification policies. A policy may also
include 802.1X, MAC, or Captive Portal (Web-based) authentication to provide more granular control of
the profile.
A device classification policy offers the following two methods for deploying a UNP:
• The UNP option is configured to specify the name of a profile. When the device classification policy is
applied to an end user device, the profile attributes are applied to that device.
• The Group Mobility option is configured for the policy. When this option is triggered, Group Mobility
examines any VLAN rules or UNP mobile rules to determine if the device traffic matches any such
rules. If there is a match with a UNP rule, the profile specified in that rule is applied to the device. Note
that UNP rules take precedence over VLAN rules.
User profiles and UNP mobile rules must already exist in the switch configuration before they are
deployed via Access Guardian device classification policies. See
for more information.
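The Python sketch below is an added example, not code from this guide or from AOS. It models the UNP-over-VLAN rule precedence and the switch-local VLAN mapping described above, and audits per-switch profile tables for missing profiles and for HIC or policy list drift. Switch names, VLAN IDs, profile contents and function names are constructed for illustration.

```python
from typing import NamedTuple

class Profile(NamedTuple):
    vlan: int         # VLAN ID, kept locally on each switch
    hic: bool         # Host Integrity Check enabled for the profile group
    policy_list: str  # exactly one QoS policy list name per profile

# Constructed sample data: per-switch UNP tables (all names and values hypothetical).
SWITCHES = {
    "bldg-a": {"Engineering": Profile(10, True, "eng-rules")},
    "bldg-b": {"Engineering": Profile(20, True, "eng-rules"),
               "Guest": Profile(99, False, "guest-rules")},
}

def classify(switches, switch, unp_rule=None, vlan_rule=None):
    """Group Mobility outcome: a matching UNP rule wins over a VLAN rule."""
    if unp_rule is not None:
        # The profile must already exist on this switch; KeyError marks a
        # violated precondition in this model, not documented switch behaviour.
        p = switches[switch][unp_rule]
        return p.vlan, p.policy_list
    if vlan_rule is not None:
        return vlan_rule, None  # VLAN rule only: this model applies no profile
    return None                 # no rule matched; outside what this model covers

def audit(switches, required_names):
    """Flag missing profiles and HIC/policy-list drift; VLAN differences are fine."""
    findings = []
    for name in sorted(required_names):
        controls = {}
        for sw in sorted(switches):
            p = switches[sw].get(name)
            if p is None:
                findings.append(f"{sw}: profile '{name}' missing")
            else:
                controls[sw] = (p.hic, p.policy_list)
        if len(set(controls.values())) > 1:
            findings.append(f"'{name}': HIC or policy list differs: {controls}")
    return findings

if __name__ == "__main__":
    print(classify(SWITCHES, "bldg-a", unp_rule="Engineering", vlan_rule=30))
    print(classify(SWITCHES, "bldg-b", unp_rule="Engineering", vlan_rule=30))
    print(audit(SWITCHES, {"Engineering", "Guest"}))
```

Running the audit before referencing a UNP name from RADIUS or a mobile rule shows which switches still lack the profile and where the same name would enforce different controls.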