Alcatel-Lucent 6600 Switch User Manual


 
Configuring Authenticated VLANs Setting Up a DNS Path
OmniSwitch 6600 Family Network Configuration Guide April 2006 page 21-29
Setting Up a DNS Path
A Domain Name Server (DNS) name may be configured so that Web browser clients may enter a URL on
the browser command line instead of an authentication IP address. A Domain Name Server must be set up
in the network for resolving the name to the authentication IP address.
There may be multiple authentication IP addresses on the switch (if multiple authenticated VLANs are set
up); however, there is only one authentication DNS path or host name. When the client enters the DNS
path, the switch determines the IP authentication address based on the client’s IP address, and the browser
authentication page is displayed.
Typically the client address is provided by DHCP; DHCP also supplies DNS IP addresses to the client.
(The DHCP server must be configured with DNS addresses that correspond to the authenticated VLANs.)
See “Setting Up the DHCP Server” on page 21-29 for more information about DHCP and authentication.
For more information about authentication IP addresses, see “Configuring Authentication IP Addresses”
on page 21-27.
To configure a DNS path, use the aaa avlan dns command. For example:
-> aaa avlan dns name auth.company
When this command is configured, a Web browser client may enter auth.company in the browser
command line to initiate the authentication process.
To remove a DNS path from the configuration, use the no form of the command. For example:
-> no aaa avlan dns
The DNS path is removed from the configuration, and Web browser clients must enter the authentication
IP address to initiate the authentication process.
Setting Up the DHCP Server
DHCP is a convenient way to assign IP addresses to an authentication client. DHCP will also serve DNS
IP addresses to clients.
There may be one DHCP server that serves all authenticated VLANs or a DHCP server for each authenti-
cated VLAN. The DHCP server may be located in the default VLAN, an authenticated VLAN, or both.
Typically a DHCP server is located in an authenticated VLAN. Each server must be configured with IP
addresses corresponding to the authenticated VLANs for which it will serve addresses.
A DHCP relay must be set up if authentication clients and the DHCP server are located in different
VLANs, or if authentication clients do not belong to any VLAN. Telnet and Web browser authentication
clients require IP addresses prior to authentication as well as after authenticating. The relay may be used to
serve IP addresses both before and after authentication.
Note. For more information about configuring DHCP relay in general, see Chapter 18, “Configuring
DHCP Relay.”