Alcatel-Lucent 6850-48 网络指南
Configuring Access Guardian
Access Guardian Overview
OmniSwitch AOS Release 6 Network Configuration Guide
September 2009
page 34-15
4 If there are no Group Mobility VLAN or UNP mobile rules that match the client traffic, then the device
is learned in the default VLAN for the 802.1X port.
is learned in the default VLAN for the 802.1X port.
for more information about how to use and
configure policies.
Note. It is possible to bypass 802.1x authentication and classify supplicants connected to an 802.1x port as
non-supplicants (see the
non-supplicants (see the
section in
fied as non-supplicants. As a result, non-supplicant policies that use MAC-based authentication are now
applicable to supplicant devices, not just non-supplicant devices.
applicable to supplicant devices, not just non-supplicant devices.
The following diagram illustrates the conceptual flow of Access Guardian policies, including the separate
Web-based authentication branch provided by Captive Portal:
Web-based authentication branch provided by Captive Portal:
For more information, see
.
Host Integrity Check (End-User Compliance)
Host Integrity Check (HIC) is a mechanism for verifying the compliance of an end user device when it
connects to the switch. Configurable HIC policies are used to specify, evaluate, and enforce network
access requirements for the host. For example, is the host running a required version of a specific operat-
ing system or anti-virus software up to date.
connects to the switch. Configurable HIC policies are used to specify, evaluate, and enforce network
access requirements for the host. For example, is the host running a required version of a specific operat-
ing system or anti-virus software up to date.
The Access Guardian implementation of HIC is an integrated solution consisting of switch-based func-
tionality, the InfoExpress compliance agent (desktop or Web-based) for the host device, and interaction
with the InfoExpress CyberGatekeeper server and Policy Manager.
tionality, the InfoExpress compliance agent (desktop or Web-based) for the host device, and interaction
with the InfoExpress CyberGatekeeper server and Policy Manager.
The switch-based functionality is provided through the configuration of a User Network Profile (UNP),
which contains a configurable HIC attribute. HIC is either enabled or disabled for the profile. A UNP is a
which contains a configurable HIC attribute. HIC is either enabled or disabled for the profile. A UNP is a