Alcatel-Lucent 6600 Switch User Manual


 
Managing Authentication Servers RADIUS Servers
OmniSwitch 6600 Family Network Configuration Guide April 2006 page 20-9
RADIUS Servers
RADIUS is a standard authentication and accounting protocol defined in RFC 2865 and RFC 2866. A
built-in RADIUS client is available in the switch. A RADIUS server that supports Vendor Specific
Attributes (VSAs) is required. The Alcatel attributes may include VLAN information, time-of-day, or
slot/port restrictions.
RADIUS Server Attributes
RADIUS servers and RADIUS accounting servers are configured with particular attributes defined in RFC
2138 and RFC 2139, respectively. These attributes carry specific authentication, authorization, and config-
uration details about RADIUS requests to and replies from the server. This section describes the attributes
and how to configure them on the server.
Standard Attributes
The following tables list RADIUS server attributes 1–39 and 60–63, their descriptions, and whether the
Alcatel RADIUS client in the switch supports them. Attribute 26 is for vendor-specific information and is
discussed in “Vendor-Specific Attributes for RADIUS” on page 20-11. Attributes 40–59 are used for
RADIUS accounting servers and are listed in “RADIUS Accounting Server Attributes” on page 20-13.
Num. Standard Attribute Notes
1 User-Name Used in access-request and account-request packets.
2 User-Password
3 CHAP-Password Not supported.
4 NAS-IP-Address Sent with every access-request. Specifies which switches a
user may have access to. More than one of these attributes is
allowed per user.
5 NAS-Port Virtual port number sent with access-request and account-
request packets. Slot/port information is supplied in attribute
26 (vendor-specific).
6
7
8
9
10
11
12
13
14
15
16
Service-Type
Framed-Protocol
Framed-IP-Address
Framed-IP-Netmask
Framed-Routing
Filter-Id
Framed-MTU
Framed-Compression
Login-IP-Host
Login-Service
Login-TCP-Port
Not supported. These attributes are used for dial-up sessions;
not applicable to the RADIUS client in the switch.
17 Unassigned
18 Reply-Message Multiple reply messages are supported, but the length of all
the reply messages returned in one access-accept or access-
reject packet cannot exceed 256 characters.