Configuring The Server Authority Mode; Configuring Single Mode - Alcatel OmniSwitch 6624 Network Configuration Manual


Configuring the Server Authority Mode

Authentication servers for Layer 2 authentication are configured in one of two modes: single authority or
multiple authority. Single authority mode uses a single list of servers (one primary server and up to three
backups) to poll with authentication requests. Multiple authority mode uses multiple lists of servers and
backups, one list for each authenticated VLAN.
Note. Only one mode is valid on the switch at one time.
At least one server must be configured in either mode. Up to three backup servers total may be specified.
The CLI commands required for specifying the servers are as follows:
aaa authentication vlan single-mode
aaa authentication vlan multiple-mode
Note. Each RADIUS and LDAP server may have an additional backup host of the same type configured
through the aaa radius-server and aaa ldap-server commands.
In addition, the aaa accounting vlan command may be used to set up an accounting server or servers to
keep track of user session statistics. Setting up servers for accounting is described in "Specifying
Accounting Servers" on page 18-35.

Configuring Single Mode

This mode should be used when all authenticated VLANs on the switch are using a single authentication
server (with optional backups) configured with VLAN information. When this mode is configured, a client
is authenticated into a particular VLAN or VLANs. (For the client to be authenticated into multiple
VLANs, each VLAN must be configured for a different protocol.)
When a client first makes a connection to the switch, the agent in the switch polls the authentication server
for a match with a client's user name and password. If the authentication server is down, the first backup
server is polled. The switch uses the first available server to attempt to authenticate the user. (If a match is
not found on that server, the authentication attempt fails. The switch does not try the next server in the
list.)
If a match is found on the first available server, the authentication server sends a message to the agent in
the switch that includes the VLAN IDs to which the client is allowed access. The agent then moves the
MAC address of the client out of the default VLAN and into the appropriate authenticated VLAN(s).
In the illustration shown here, the Ethernet clients connect to the switch and initially belong to VLAN 1.
Additional VLANs have been configured as authenticated VLANs. LDAP and RADIUS servers are
configured with VLAN ID information for the clients.
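
The single-mode polling rules above, modeled as an added Python example (not code from the manual or from the switch software). The server names rad1 and rad2, the users, passwords, VLAN IDs and MAC address are constructed, and the function names are hypothetical.

```python
import hmac
from dataclasses import dataclass, field

MAX_SERVERS = 4  # one primary plus up to three backups

@dataclass
class AuthServer:
    name: str
    up: bool = True
    users: dict = field(default_factory=dict)  # user -> (password, [VLAN IDs])

def single_mode_authenticate(servers, user, password):
    """Return (server polled, VLAN IDs granted, outcome) per the single-mode rules."""
    if not 1 <= len(servers) <= MAX_SERVERS:
        raise ValueError("single mode takes one primary and up to three backups")
    # Only a server being down moves the poll to the next entry in the list.
    polled = next((s for s in servers if s.up), None)
    if polled is None:
        return None, [], "no server available"
    stored = polled.users.get(user)
    if stored is None or not hmac.compare_digest(stored[0].encode(), password.encode()):
        # No match on the first available server: fail without trying the next one.
        return polled.name, [], "no match"
    return polled.name, list(stored[1]), "authenticated"

def move_client(mac_vlans, mac, vlan_ids):
    """Move the client MAC out of default VLAN 1 into its authenticated VLAN(s)."""
    if vlan_ids:
        mac_vlans[mac] = sorted(vlan_ids)
    return mac_vlans[mac]

def sample_servers():
    """Constructed data: the backup holds a user that the primary lacks."""
    rad1 = AuthServer("rad1", users={"alice": ("pw-a", [10])})
    rad2 = AuthServer("rad2", users={"alice": ("pw-a", [10]), "bob": ("pw-b", [20])})
    return [rad1, rad2]

if __name__ == "__main__":
    servers = sample_servers()
    macs = {"00:d0:95:00:00:01": [1]}  # constructed MAC, starts in default VLAN 1
    print(single_mode_authenticate(servers, "bob", "pw-b"))  # polled rad1, no match
    servers[0].up = False  # primary goes down
    name, vlans, outcome = single_mode_authenticate(servers, "bob", "pw-b")
    print(name, outcome, move_client(macs, "00:d0:95:00:00:01", vlans))
```

The same credentials are rejected or accepted depending on which server is up, so backup servers should hold the same user and VLAN data as the primary.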
OmniSwitch 6624/6648 Network Configuration Guide, April 2004, Configuring Authenticated VLANs, page 18-32
