Alcatel-Lucent 6600 Switch User Manual


 
Server Overview Managing Authentication Servers
page 20-6 OmniSwitch 6600 Family Network Configuration Guide April 2006
A RADIUS server supporting the challenge and response mechanism as defined in RADIUS RFC 2865 may access an ACE/Server for authentication purposes. The ACE/Server is then used for user authentication, and the RADIUS server is used for user authorization.
Authenticated VLANs

For authenticated VLANs, authentication servers contain a database of user names and passwords, challenges/responses, and other authentication criteria such as time-of-day access. The Authenticated VLAN attribute is required on servers set up in multiple authority mode.

Servers may be configured using one of two different modes, single authority mode or multiple authority mode. The mode specifies how the servers are set up for authentication: single authority mode uses a single list (an authentication server and any backups) to poll with authentication requests. Multiple authority mode uses multiple lists, one list for each authenticated VLAN. For more information about authority modes and Authenticated VLANs, see Chapter 21, “Configuring Authenticated VLANs.”
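
The list selection described above, as an added Python model (not code from the manual or from Alcatel-Lucent). The server names, credentials, the `AvlanAuth` and `Server` classes, and the rule that only an unreachable server causes fallback to a backup are assumptions made for illustration.

```python
import hmac
from dataclasses import dataclass, field

class Unreachable(Exception):
    """Server stub did not answer (constructed for this example)."""

@dataclass
class Server:
    name: str
    users: dict            # user name -> password, constructed sample data
    up: bool = True

    def check(self, user, password):
        if not self.up:
            raise Unreachable(self.name)
        stored = self.users.get(user)
        # Constant-time comparison; unknown users are rejected.
        return stored is not None and hmac.compare_digest(stored.encode(), password.encode())

@dataclass
class AvlanAuth:
    mode: str                                        # "single" or "multiple"
    single_list: list = field(default_factory=list)  # one server plus backups
    per_vlan: dict = field(default_factory=dict)     # VLAN id -> its own list

    def server_list(self, vlan):
        if self.mode == "single":
            return self.single_list                  # same list for every VLAN
        return self.per_vlan.get(vlan, [])           # multiple mode: list per VLAN

    def authenticate(self, vlan, user, password):
        """Return (allowed, name of the server that answered)."""
        for server in self.server_list(vlan):
            try:
                # Assumption: the first server that answers is authoritative,
                # so a reject is never retried against a backup.
                return server.check(user, password), server.name
            except Unreachable:
                continue                             # try the next backup
        return False, None                           # nobody answered: fail closed

# Constructed sample servers and credentials.
rad1 = Server("rad1", {"alice": "pw-a"}, up=False)
rad2 = Server("rad2", {"alice": "pw-a", "bob": "pw-b"})
ldap1 = Server("ldap1", {"carol": "pw-c"})
multiple = AvlanAuth("multiple", per_vlan={1: [rad1, rad2], 2: [ldap1]})
single = AvlanAuth("single", single_list=[Server("rad1", {"alice": "pw-a"}), rad2])
```

In the model, a VLAN without a server list in multiple authority mode authenticates nobody, and a reject from the first reachable server is final even when a backup holds matching credentials.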
[Figure: Servers Used for Authenticated Switch Access. Labels: End Station (login request), OmniSwitch, LDAP or RADIUS Server, ACE/Server, user privileges. Callouts: "The switch polls the server for login information, and checks the switch for privilege information." and "The switch polls the server and receives login and privilege information about the user."]

[Figure: Servers Used for Authenticated VLANs. Labels: Ethernet clients, OmniSwitch, Authenticated VLAN 1, Authenticated VLAN 2, RADIUS or LDAP servers. Callout: "The switch polls the servers for login information to authenticate users through the switch."]