OmniVista CIRRUS / OmniSwitch 6860 - UNP Configuration

rpoulard · July 1, 2024, 10:05am

Hello,

I’m reviewing all documentations and forums since a moment now.
I never found what i was looking for so i’m looking back to your reply.

Use case:
I would like to classify automatically via MAC Vendors my equipments and that they came up into my OmniVista CIRRUS.
After this first classification, i would like to attribute VLAN on them. With two use case.

First one : One vlan ( Example : Computer )
Second one : Multiples vlans ( Example : WiFi / TOIP )

What i started :
I’m using the default classification sended into the switch when i enable “IOT” from OmniVista.

I’ll focus on the second use case for this example, so i will talk about the classification profile “devProfIP-Phone” that is imported. ( We cannot verify the vendors in it ( could be interresting to see it, and do not struggle for nothing if the mac vendor is not in).

I created another profile to put my VLAN in as (tagged and not untagged) and i would also like to let it be classified by the default profile ( that is supposed to know all the mac vendor of TOIP )

unp port 1/1/1-24 port-type bridge
unp port 1/1/1-24 port-template "bridgeDefaultPortTemplate"

unp profile "TOIP"
unp classification-rule "TOIP"
unp classification-rule "TOIP" precedence 254
unp classification-rule "TOIP" Profile1 "TOIP"
unp classification-rule "TOIP" Profile2 "devProfIP-Phone"
unp classification-rule "TOIP" device-type "IP-Phone"
unp classification-rule "TOIP" vlan-tag 19

Well it seems to work for the VLAN affectation but do not came up in IOT part on OmniVista CIRRUS.

Could you please make a documentation base on this type of use case ( with the cli commands used ) ?

How can we force the IOT redétections ?

Thanks
Regards

olivier-stellar · July 3, 2024, 9:41am

Hi rpoulard,
From what I understand from your configuration your access classification works on Omnswitch and if you did the management from OV cirrus then you have applied an access classification from the OV unified access tool. With this tool if you can enforce a UNP profile with more rules for your device, you cannot classify it as an IOT. The vendors profiles are found only in the OV IOT tool (network > IOT) and you can do your inventory on MAC devices directly. If your category does not exist in the list you can define it and have choice to enforce directly via MAC or via fingerprinting if you have it. It is with the IOT tool that you really manage your IOT, fingerprinting and enforcement.
Hope this is providing an answer for your IOT device. Best regards

rpoulard · July 4, 2024, 9:56am

Hello olivier,

Yes, the switch is connected to the OmniVista CIRRUS (OV4).

The documentation doesn’t explain, what is related of the switch and what is related to the OV. It’s also more oriented for WiFi with ALE AP, or Zigbee or Google but not on standard equipments.

There is no examples based on a easy/advanced use case where we could base our tests on.

My final use case is for a switch, to detect the IOT equipment connected automatically and affect VLAN(s) on it( Switch part ). Then appear on the OV to simplify the “Locator” and other use case that we could have ( OV part ).

Is there somewhere a complete tutorial that could help us configure UNP on standard equipments ?

Thanks
Regards

rpoulard · July 24, 2024, 7:48am

Hello,

I made progress in the understanding of classification.

unp profile "P_DEFAULT"
unp profile "P_VLAN_19_TOIP"
unp profile "devProfIP-Phone"
unp profile "devProfWireless-Router"
unp profile "devProfSmartPhone/PDA/Tablets"
unp profile "P_DEFAULT" map vlan 666
unp profile "P_VLAN_19_TOIP" map vlan 19
unp profile "P_VLAN_100_COMPUTER" map vlan 100
unp port-template "P_T_DEFAULT" direction both default-profile "P_DEFAULT" classification trust-tag admin-state enable
unp port-template "P_T_DEFAULT" vlan 666
unp port-template "P_T_DEFAULT" force-l3-learning port-bounce
unp port-template "P_T_VLAN_100_COMPUTER" direction both default-profile "P_VLAN_19_TOIP" classification trust-tag admin-state enable
unp port-template "P_T_VLAN_100_COMPUTER" vlan 100
unp port-template "P_T_VLAN_100_COMPUTER" force-l3-learning port-bounce
unp port 1/1/1-20 port-type bridge
unp port 1/1/1-20 port-template "P_T_DEFAULT"
unp classification-rule "devProfIP-Phone"
unp classification-rule "devProfIP-Phone" precedence 255
unp classification-rule "devProfIP-Phone" Profile1 "devProfIP-Phone"
unp classification-rule "devProfIP-Phone" Profile2 "P_VLAN_19_TOIP"
unp classification-rule "devProfIP-Phone" device-type "IP-Phone"

  vlan      type        status
--------+-----------+---------------
     1    untagged    forwarding
    19    unpQtag     forwarding

Context :
I would like after the first classification that in this case will detect a IP-Phone, that the classification give a unp untagged vlan (100) and a unp tagged vlan (19) but without affecting it manually !

But it do not seems possible actually ?
I tried differents way of thinking :

Change automatically the port-template via classification or via the unp port definition → Not possible
Add vlan 100 in the classification-rule —> Tagged only ( unp classification-rule “devProfIP-Phone” Profile3 “P_VLAN_100_COMPUTER” )

Is there a way to affect via a classification ( Fingerprint ) to affect untagg vlan / tagged vlan, without configuring manually a port-type or a port-template but automatically ?

I will have other needs for access vlan (CCTV/COMPUTER/ … )or bridge ( AP/ToIP/ …)