Alcatel OmniSwitch 2 Switch Integration Script
Note: This integration was certified on an OS6465-P28 running 8.6.289.R01 and an OS6865-P16X running 8.6.289.R01. Replace x.x.x.x with the NAC appliance IP, and replace “your-shared-secret-here” with the shared secret you would like to use. The same shared secret must also be added in the NAC RADIUS UI.
unp profile "SC_Guest_Profile" qos-policy-list "SC_Guest_List"
unp profile "SC_Initial_Profile"
unp profile "SC_Compliant_Profile"
unp profile "SC_Quarantine_Profile" qos-policy-list "SC_Quarantine_List"
unp profile "SC_Guest_Profile" map vlan 18
unp profile "SC_Initial_Profile" map vlan 18
unp profile "SC_Compliant_Profile" map vlan 18
unp profile "SC_Quarantine_Profile" map vlan 18
unp redirect pause-timer 60
unp redirect server 10.101.150.10
unp port 1/1/1 port-type bridge
unp port 1/1/1 redirect-port-bounce direction both default-profile "SC_Initial_Profile" classification trust-tag ap-mode dynamic-service none
unp port 1/1/1 admin-state enable
unp port 1/1/1 802.1x-authentication
unp port 1/1/1 mac-authentication
!
aaa radius-server "NAC" host x.x.x.x hash-key your-shared-secret-here retransmit 3 timeout 2 auth-port 1812 acct-port 1813 vrf-name default
!
aaa device-authentication mac "NAC"
aaa device-authentication 802.1x "NAC"
aaa accounting mac "NAC"
aaa accounting 802.1x "NAC"
!
policy service svc-dhcp destination udp-port 67
policy service svc-dns destination udp-port 53
policy service group protocolallow svc-dns svc-dhcp
policy network group NAC x.x.x.x 198.31.193.211
policy network group internal 10.0.0.0 mask 255.0.0.0 172.16.0.0 mask 255.240.0.0 192.168.0.0 mask 255.255.0.0
policy condition to-protocolallow service group protocolallow
policy condition to-internal destination network group internal
policy condition to-NAC destination network group NAC
policy action ACCEPT
policy action DENY disposition deny
policy rule Allow-NAC precedence 1002 condition to-NAC action ACCEPT no default-list
policy rule Allow-Services precedence 1002 condition to-protocolallow action ACCEPT no default-list
policy rule Deny-Internal precedence 1000 condition to-internal action DENY no default-list
policy list SC_Quarantine_List type unp
policy list SC_Quarantine_List rules Deny-Internal Allow-NAC Allow-Services
policy list SC_Guest_List type unp
policy list SC_Guest_List rules Deny-Internal Allow-Services
qos apply
!
!
mvrp enable
!
wr mem flash-synchro
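
Added example (not part of the original integration script or the vendor's tooling): a pre-paste check for a filled-in copy of the script above. It flags leftover placeholders and confirms that the RADIUS server address also appears in the NAC network group matched by the Allow-NAC rule. The function name, the 16-character minimum secret length and the sample values are assumptions made for illustration.

```python
import ipaddress
import re

# Placeholders used in the script on this page.
PLACEHOLDERS = ("x.x.x.x", "your-shared-secret-here")

def check_script(text, min_secret_len=16):  # 16 is an assumed local minimum
    """Return a list of problems found in a filled-in copy of the script."""
    problems = [f"placeholder still present: {p}" for p in PLACEHOLDERS if p in text]
    radius = re.search(r'^aaa radius-server "NAC" host (\S+) hash-key (\S+)', text, re.M)
    if not radius:
        return problems + ['no aaa radius-server "NAC" line found']
    host, secret = radius.groups()
    try:
        ipaddress.ip_address(host)
    except ValueError:
        problems.append(f"RADIUS host is not an IP address: {host}")
    if len(secret) < min_secret_len:
        problems.append(f"shared secret shorter than {min_secret_len} characters")
    # The Allow-NAC rule matches on this group, so it must contain the RADIUS host.
    group = re.search(r"^policy network group NAC (.+)$", text, re.M)
    members = group.group(1).split() if group else []
    if host not in members:
        problems.append(f"RADIUS host {host} missing from policy network group NAC")
    return problems

# Constructed sample fragments (documentation address 192.0.2.10, made-up secret).
FILLED = '''aaa radius-server "NAC" host 192.0.2.10 hash-key Constructed-Secret-0123456789 retransmit 3 timeout 2 auth-port 1812 acct-port 1813 vrf-name default
policy network group NAC 192.0.2.10 198.31.193.211
'''
HALF_FILLED = '''aaa radius-server "NAC" host 192.0.2.10 hash-key your-shared-secret-here retransmit 3 timeout 2 auth-port 1812 acct-port 1813 vrf-name default
policy network group NAC x.x.x.x 198.31.193.211
'''

if __name__ == "__main__":
    for name, text in (("FILLED", FILLED), ("HALF_FILLED", HALF_FILLED)):
        print(name, check_script(text) or "ok")
```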