Specifying Accounting Servers - Alcatel OmniSwitch 6624 Network Configuration Manual


Configuring Authenticated VLANs
To configure authentication in multiple mode, use the aaa authentication vlan command with the
multiple-mode keyword, the relevant VLAN ID, and the names of the servers. The VLAN ID is required,
and at least one server must be specified (a maximum of four servers is allowed per VLAN). For example:
-> aaa authentication vlan multiple-mode 2 rad1
-> aaa authentication vlan multiple-mode 3 ldap1
-> aaa authentication vlan multiple-mode 4 ldap1
-> aaa authentication vlan multiple-mode 5 ldap2 ldap3
To disable authenticated VLANs in multiple mode, use the no form of the command and specify the
relevant VLAN. Note that the mode does not have to be specified. For example:
-> no aaa authentication vlan 2
This command disables authentication on VLAN 2. VLANs 3, 4, and 5 are still enabled for authentication.

Specifying Accounting Servers

RADIUS and LDAP servers can also keep track of statistics for user authentication sessions. To specify
servers to be used for accounting, use the aaa accounting vlan command with the relevant accounting
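server names. (Accounting servers are configured with the aaa radius-server and aaa ldap-server
commands, which are described in Chapter 17, "Managing Authentication Servers.") Up to four
accounting servers may be specified. For example: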
-> aaa accounting vlan rad1 ldap2
In this example, a RADIUS server (rad1) is used for all accounting of authenticated VLANs; an LDAP
server (ldap2) is specified as a backup accounting server.
If the switch is configured for multiple authority mode, the VLAN ID must be specified. In multiple mode,
a different accounting server (with backups) may be specified for each VLAN. For example:
-> aaa accounting vlan 3 rad1 rad2 ldap1
-> aaa accounting vlan 4 ldap2 ldap3
In this example, rad1 is configured as an accounting server for VLAN 3; rad2 and ldap1 are backups that
are only used if the previous server in the list goes down. An LDAP server (ldap2) is configured for
accounting in VLAN 4; the backup server for VLAN 4 is ldap3.
If an external server is not specified with the command, AVLAN user session information will be logged
in the local switch log. For information about switch logging, see Chapter 25, "Using Switch Logging." In
addition, the keyword local may be used so that logging will be done on the switch if the external server
or servers become unavailable. If local is specified, it must be specified last in the list of servers.
In the following example, single-mode authentication is already set up on the switch; the aaa accounting
vlan command configures a RADIUS server (rad1) for accounting. The local logging feature in the switch
(local) is the backup accounting mechanism.
-> aaa accounting vlan rad1 local
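The rules this section gives for aaa accounting vlan (up to four servers, local last, a VLAN ID in multiple mode, the local switch log when no server is named) can be checked offline against a saved configuration. The Python sketch below is an added example, not part of the Alcatel manual; the audit function, the sample lines, and the assumptions that server names are never all digits and that local does not count toward the four-server limit belong to the example.

```python
import re

MAX_SERVERS = 4  # "Up to four accounting servers may be specified"

# Constructed sample: the manual's commands mixed with deliberately broken ones.
SAMPLE = """\
-> aaa authentication vlan multiple-mode 2 rad1
-> aaa authentication vlan multiple-mode 3 ldap1
-> aaa authentication vlan multiple-mode 4 ldap1
-> aaa accounting vlan 3 rad1 rad2 ldap1
-> aaa accounting vlan 4 local ldap2
-> aaa accounting vlan rad1 ldap2
"""

def audit(config_text):
    """Return sorted (line_number, message) findings for AVLAN accounting lines."""
    auth_vlans = {}  # VLAN ID -> line of its multiple-mode authentication command
    acct = []        # (line number, VLAN ID or None, server names in failover order)
    for no, raw in enumerate(config_text.splitlines(), 1):
        line = re.sub(r"^\s*->\s*", "", raw).strip()
        m = re.match(r"aaa authentication vlan multiple-mode (\d+)\b", line)
        if m:
            auth_vlans[int(m.group(1))] = no
        m = re.match(r"aaa accounting vlan\s+(\S.*)", line)
        if m:
            tokens = m.group(1).split()
            # Assumption: a leading all-digit token is a VLAN ID, never a server name.
            vlan = int(tokens.pop(0)) if tokens[0].isdigit() else None
            acct.append((no, vlan, tokens))
    findings = []
    for no, vlan, servers in acct:
        # Assumption: the keyword local does not count toward the four-server limit.
        if len([s for s in servers if s != "local"]) > MAX_SERVERS:
            findings.append((no, "more than four accounting servers"))
        if "local" in servers[:-1]:
            findings.append((no, "local must be last in the server list"))
        if auth_vlans and vlan is None:
            findings.append((no, "multiple mode requires a VLAN ID"))
    covered = {vlan for _, vlan, servers in acct if servers}
    for vlan, no in auth_vlans.items():
        if vlan not in covered:
            findings.append((no, f"VLAN {vlan}: no accounting server, sessions "
                                 "are logged in the local switch log only"))
    return sorted(findings)

if __name__ == "__main__":
    for no, msg in audit(SAMPLE):
        print(f"line {no}: {msg}")
```

On the constructed sample this reports VLAN 2 (authenticated but with no accounting server), the misplaced local on the VLAN 4 line, and the accounting line that omits the VLAN ID in multiple mode.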
OmniSwitch 6624/6648 Network Configuration Guide, April 2004, page 18-35
