Authenticated Vlans - Alcatel-Lucent OmniSwitch 6800 Series Network Configuration Manual

Server Overview
A RADIUS server supporting the challenge and response mechanism as defined in RADIUS RFC 2865
may access an ACE/Server for authentication purposes. The ACE/Server is then used for user authentica-
tion, and the RADIUS server is used for user authorization.
LDAP or TACAS+
or RADIUS
The switch polls the server
and receives login and privi-
lege information about the
user.

Authenticated VLANs

For authenticated VLANs, authentication servers contain a database of user names and passwords, chal-
lenges/responses, and other authentication criteria such as time-of-day access. The Authenticated VLAN
attribute is required on servers set up in multiple authority mode.
Servers may be configured using one of two different modes, single authority mode or multiple authority
mode. The mode specifies how the servers are set up for authentication: single authority mode uses a
single list (an authentication server and any backups) to poll with authentication requests. Multiple author-
ity mode uses multiple lists, one list for each authenticated VLAN. For more information about authority
modes and Authenticated VLANs, see
RADIUS or TACACS+ or
LDAP servers
The switch polls the servers
for login information to
authenticate users through
the switch.
page 25-6
End Station
login request
OmniSwitch
Servers Used for Authenticated Switch Access
Chapter 26, "Configuring Authenticated VLANs."
OmniSwitch
Authenticated
Authenticated
VLAN 1
Servers Used for Authenticated VLANs
OmniSwitch 6800/6850/9000 Network Configuration Guide
Managing Authentication Servers
ACE/Server
The switch polls the server
for login information, and
checks the switch for privi-
lege information .
VLAN 2
End Station
login request
user
OmniSwitch 6648
privileges
OmniSwitch 6648
OmniSwitch
Ethernet clients
March 2008