Configuring Authentication Ip Addresses; Setting Up The Default Vlan For Authentication Clients - Alcatel-Lucent OmniSwitch 6850-48 Network Configuration Manual

Configuring Authenticated VLANs

Configuring Authentication IP Addresses

Authentication clients connect to an IP address on the switch for authentication. (Web browser clients may
enter a DNS name rather than the IP address; see
router interface is set up for an authenticated VLAN (through the
matically sets up an authentication address for that authenticated VLAN based on the router interface
address. The authentication address uses the same mask as the router interface address and includes .253 at
the end of the address.
For example, if the router port address for authenticated VLAN 3 is 10.10.2.20, the authentication address
will be 10.10.2.253. This address is modifiable through the
however, must use the same mask as the router port address. For example:
-> avlan auth-ip 3 10.10.2.80
This changes the authentication address for VLAN 3 to 10.10.2.80. The authentication IP address is also
used for the DNS address (see
When modifying the authentication address for a specific VLAN, make sure the following is true:
•
The new IP address does not match an IP router interface address for the same VLAN. IP address reso-
lution problems can occur if these two addresses are not unique.
•
The new IP address is an address that is local to the network segment on which the client is connected
The binding of the VLAN to the authentication IP address is to provide flexibility for the network
administrator to assign a designated IP address for respective user network segments.
To display authentication addresses, use the

Setting Up the Default VLAN for Authentication Clients

By default, authentication users cannot traffic in the default VLAN prior to authentication; however, the
switch may be configured to enable the default VLAN so that users may traffic in the default VLAN prior
to authentication.
The default VLAN is the default VLAN for the authentication port, the physical port through which
authentication clients are connected to the switch. The authentication port is specified through the
port authenticate command. See
Use the aaa accounting command
-> avlan default-traffic enable
When this command is enabled, any authentication client initially belongs to the default VLAN of the
authentication port through which the client is connected. After authentication, if a client is removed from
an authenticated VLAN through the aaa avlan no command, the client is moved to the default VLAN.
To disable any default VLAN for authentication traffic, use the disable keyword with the command:
-> avlan default-traffic disable
WARNING: Traffic on default vlan is DISABLED.
Existing users on default vlan are not flushed.
Users now do not belong to and cannot traffic in the default VLAN prior to authentication. Note that any
existing users in the default VLAN are not flushed.
OmniSwitch AOS Release 6 Network Configuration Guide
"Setting Up a DNS Path" on page
"Setting Up a DNS Path" on page
show aaa avlan auth-ip
"Configuring Authenticated Ports" on page
command to enable the default VLAN for authentication traffic.
September 2009
Configuring Authenticated VLANs
36-29). When the
ip interface command), the switch auto-
avlan auth-ip command; the address,
36-29).
command.
36-28.
vlan
page 36-27