Alcatel-Lucent 6850-48 Network Guide
Configuring Access Guardian
Configuring Access Guardian Policies
OmniSwitch AOS Release 6 Network Configuration Guide
September 2009
page 34-27
To configure a non-supplicant policy that will not perform MAC authentication, use the
command. The following parameter keywords are available with this command to specify
one or more policies for classifying devices:
Note that this type of policy does not use 802.1x or MAC authentication. As a result, all of the available
policy keywords restrict the assignment of the non-supplicant device to only those VLANs that are not
authenticated VLANs. The pass and fail keywords are not used when configuring this type of policy.
Non-supplicant Policy Examples
The following table provides example non-supplicant policy commands and a description of how the
resulting policy is applied to classify supplicant devices:
supplicant policy keywords
group-mobility
user-network-profile
vlan
default-vlan
block
Supplicant Policy Command Example
Description
802.1x 1/24 non-supplicant policy authentication pass group-mobility default-vlan fail vlan 10 block
If the MAC authentication process is successful but does not return a VLAN ID for the device, then the following occurs:
1 Group Mobility VLAN or UNP mobile rules are applied.
2 If Group Mobility classification fails, then the device is assigned to the default VLAN for port 1/24.
If the device fails MAC authentication, then the following occurs:
1 If VLAN 10 exists and is not an authenticated VLAN, the device is assigned to VLAN 10.
2 If VLAN 10 does not exist or is an authenticated VLAN, the device is blocked from accessing the switch on port 1/24.
802.1x 1/48 non-supplicant policy authentication vlan 10 default-vlan
If the MAC authentication process is successful but does not return a VLAN ID for the device, then the following occurs:
1 The device is assigned to VLAN 10.
2 If VLAN 10 does not exist, then the device is assigned to the default VLAN for port 1/48.
If the device fails MAC authentication, the device is blocked from accessing the switch on port 1/48.
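The fall-through in the two table rows above can be checked with a small model. This is an added example, not AOS code or part of the original guide. It handles only the keywords used in those two rows, and the VLAN table, default VLAN and Group Mobility result passed to `classify` are constructed inputs.

```python
# Added illustration: a model of the fall-through described in the two table rows.
# Not AOS code. VLAN state and the Group Mobility result are constructed inputs.

def parse_policy(command):
    """Split a 'non-supplicant policy authentication' command into
    (port, pass keyword chain, fail keyword chain)."""
    tokens = command.split()
    port = tokens[1]
    words = tokens[tokens.index("authentication") + 1:]
    chains = {"pass": [], "fail": []}
    branch = "pass"              # keywords before any 'fail' belong to the pass branch
    i = 0
    while i < len(words):
        word = words[i]
        if word in ("pass", "fail"):
            branch = word
        elif word == "vlan":
            chains[branch].append(("vlan", int(words[i + 1])))
            i += 1               # skip the VLAN ID just consumed
        else:
            chains[branch].append((word, None))
        i += 1
    return port, chains["pass"], chains["fail"]


def classify(command, auth_passed, vlans, default_vlan, group_mobility_vlan=None):
    """Outcome for a device whose MAC authentication returned no VLAN ID.

    vlans maps VLAN ID -> True if it is an authenticated VLAN (constructed state).
    group_mobility_vlan is the VLAN matched by Group Mobility/UNP rules, or None.
    """
    port, pass_chain, fail_chain = parse_policy(command)
    for keyword, vlan_id in (pass_chain if auth_passed else fail_chain):
        if keyword == "group-mobility" and group_mobility_vlan is not None:
            return f"vlan {group_mobility_vlan}"
        if keyword == "vlan" and vlan_id in vlans:
            # A device that failed may only land on a VLAN that is not authenticated.
            if auth_passed or not vlans[vlan_id]:
                return f"vlan {vlan_id}"
        if keyword == "default-vlan":
            return f"vlan {default_vlan}"
        if keyword == "block":
            return f"blocked on {port}"
    # Nothing matched: blocked, as in the 1/48 row where no fail keyword is given.
    return f"blocked on {port}"
```

Calling `classify` with the 1/24 command, `auth_passed=False` and `vlans={10: True}` shows the case that is easy to miss: a fail VLAN that happens to be an authenticated VLAN results in a block rather than an assignment.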