Alcatel-Lucent 6850-48 Guide De Référence
AAA Commands
page 58-76
OmniSwitch CLI Reference Guide
September 2009
aaa user-network-profile
Configures a User Network Profile (UNP) that is used to provide role-based access to the switch. The
UNP determines the VLAN ID a device can join, whether or not a Host Integrity Check (HIC) is applied
to the device, and if any QoS policy rules are used to control access to network resources.
UNP determines the VLAN ID a device can join, whether or not a Host Integrity Check (HIC) is applied
to the device, and if any QoS policy rules are used to control access to network resources.
aaa user-network-profile name profile_name vlan vlan-id [hic [enable | disable]] [policy-list-name
list_name]
list_name]
no aaa user-network-profile name profile_name
Syntax Definitions
profile_name
The name of an existing or a new user profile. The name specified here
must match with the Filter-ID attribute returned by the RADIUS server.
The user profile name can range from 1 to 32 characters in length.
must match with the Filter-ID attribute returned by the RADIUS server.
The user profile name can range from 1 to 32 characters in length.
vlan-id
The VLAN identification number for an existing VLAN that will be
assigned to a user. The valid range is 1-4094.
assigned to a user. The valid range is 1-4094.
enable
Enables Host Integrity Check for the profile.
disable
Disables Host Integrity Check for the profile.
list_name
The name of an existing QoS policy list to apply to devices classified by
the User Network Profile. It is possible to assign up to 13 policy lists to
each user profile.
the User Network Profile. It is possible to assign up to 13 policy lists to
each user profile.
Defaults
Platforms Supported
OmniSwitch 6400, 6850, 6855, 9000, 9000E
OmniSwitch 9000E, 9000; hic enable, hic disable, policy-list-name parameters not supported.
OmniSwitch 9000E, 9000; hic enable, hic disable, policy-list-name parameters not supported.
Usage Guidelines
• Use the no form of this command to remove a UNP from the switch configuration.
• This command is used with RADIUS as the authentication server
• Enabling the hic parameter triggers the HIC verification process for any devices to which this profile is
applied. The switch interacts with the InfoExpress CyberGatekeeper HIC server to determine host
compliance.
compliance.
Examples
-> aaa user-network-profile name engineering vlan 10
-> aaa user-network-profile name marketing vlan 30 hic enable
parameter
default
hic enable | disable
disabled
list_name
none