Alcatel-Lucent 6850-48 网络指南
Configuring Access Guardian
Quick Steps for Configuring Access Guardian
OmniSwitch AOS Release 6 Network Configuration Guide
September 2009
page 34-5
Quick Steps for Configuring Access Guardian
When 802.1x is enabled for a switch port, default Access Guardian device classification policies are
applied to all devices connected to the port. As a result, it is only necessary to configure such policies if
the default policy is not sufficient for network access control. Therefore, the following quick steps are
optional but provide a brief tutorial for configuring Access Guardian policies:
applied to all devices connected to the port. As a result, it is only necessary to configure such policies if
the default policy is not sufficient for network access control. Therefore, the following quick steps are
optional but provide a brief tutorial for configuring Access Guardian policies:
1 To configure an Access Guardian policy that will authenticate and classify 802.1x users (supplicants),
use the
use the
command.
-> 802.1x 2/12 supplicant policy authentication pass group-mobility default-vlan
fail vlan 10 captive-portal
2 To configure an Access Guardian policy that will authenticate and classify non-802.1x users (non-
supplicants), use the
supplicants), use the
command.
-> 802.1x 2/12 non-supplicant policy authentication pass group-mobility default-
vlan fail vlan 10 captive-portal
3 To configure an Access Guardian Captive Portal policy that will classify web-based clients, use the
command. Note that this policy is triggered only when the
Captive Portal option of a supplicant or non-supplicant policy is applied.
-> 802.1x 2/12 captive-portal policy authentication pass vlan 100 block fail
vlan 10
4 To configure the length of a Captive Portal session, use the
command.
-> 802.1x 3/1 captive-portal session-limit 8
5 To configure the number of Captive Portal login attempts allowed before a device is classified as a
failed login, use the
failed login, use the
command.
-> 802.1x 3/1 captive-portal retry-count 5
6 To bypass authentication and restrict device classification of non-802.1x users to VLANs that are not
authenticated VLANs, use the
authenticated VLANs, use the
-> 802.1x 3/10 non-supplicant policy vlan 43 block
7 To set the Access Guardian policy back to the default classification policy for an 802.1x port, use the
-> 802.1x 3/10 policy default
command:
-> show 802.1x device classification policies
Device classification policies on 802.1x port 2/26
Supplicant:
authentication:
pass: group-mobility, default-vlan (default)
fail: block (default)
Non-Supplicant:
block (default)