Alcatel-Lucent 6850-48 网络指南

Configuring Access Guardian

Access Guardian Overview

OmniSwitch AOS Release 6 Network Configuration Guide

page 34-15

4 If there are no Group Mobility VLAN or UNP mobile rules that match the client traffic, then the device 
is learned in the default VLAN for the 802.1X port.

 for more information about how to use and 

configure policies.

Note. It is possible to bypass 802.1x authentication and classify supplicants connected to an 802.1x port as 
non-supplicants (see the 

 section in 

 for more information). When this is done, all devices (including supplicants) are then classi-

fied as non-supplicants. As a result, non-supplicant policies that use MAC-based authentication are now 
applicable to supplicant devices, not just non-supplicant devices. 

The following diagram illustrates the conceptual flow of Access Guardian policies, including the separate 
Web-based authentication branch provided by Captive Portal:

For more information, see 

.

Host Integrity Check (HIC) is a mechanism for verifying the compliance of an end user device when it 
connects to the switch. Configurable HIC policies are used to specify, evaluate, and enforce network 
access requirements for the host. For example, is the host running a required version of a specific operat-
ing system or anti-virus software up to date. 

The Access Guardian implementation of HIC is an integrated solution consisting of switch-based func-
tionality, the InfoExpress compliance agent (desktop or Web-based) for the host device, and interaction 
with the InfoExpress CyberGatekeeper server and Policy Manager.

The switch-based functionality is provided through the configuration of a User Network Profile (UNP), 
which contains a configurable HIC attribute. HIC is either enabled or disabled for the profile. A UNP is a