Configuring Authenticated VLANs Configuring Authenticated VLANs
page 21-26 OmniSwitch 6600 Family Network Configuration Guide April 2006
Configuring Authenticated VLANs
At least one authenticated VLAN must be configured on the switch. For more information about VLANs
in general, see Chapter 4, “Configuring VLANs.”
To configure an authenticated VLAN, use the vlan authentication command to enable authentication on
an existing VLAN. For example:
-> vlan 2 authentication enable
Note that the specified VLAN (in this case, VLAN 2) must already exist on the switch. A router port must
also be configured for the VLAN (with the ip interface command) so that a DHCP relay may be set up.
For example:
-> vlan 2 router ip 10.10.2.20
See “Setting Up the DHCP Server” on page 21-29 for more information about setting up a DHCP server.
Removing a User From an Authenticated Network
To remove a user from authenticated VLANs, enter the aaa vlan no command with the user’s MAC
address. If the user’s MAC address is unknown, enter the show avlan user command first. Specify the
VLAN ID or slot number to get information about a particular VLAN or slot only. For example:
-> show avlan user 23
name Mac Address Slot Port Vlan
----------------------------------------------------------------
user1 00:20:da:05:f6:23 02 02 23
In this example, user1 is authenticated into VLAN 23 and is using MAC address 00:20:da:05:f6:23. To
remove user1 from authenticated VLAN 23, enter the aaa vlan no command with the MAC address. For
example:
-> aaa avlan no 00:20:da:05:f6:23
When this command is entered, user1 will be removed from VLAN 23. If the switch is set up so that
authenticated users may traffic in the default VLAN, the user will be placed into the default VLAN of the
authentication port. (See “Setting Up the Default VLAN for Authentication Clients” on page 21-27 for
information about setting up the switch so that authentication clients may traffic in the default VLAN prior
to authentication.)
For more information about the output display for the aaa avlan no and show avlan user commands, see
the OmniSwitch CLI Reference Guide.
Note. The MAC addresses of users may also be found in the log files generated by accounting servers.