Configuring Authenticated VLANs Specifying Accounting Servers
OmniSwitch 6600 Family Network Configuration Guide April 2006 page 21-35
To configure authentication in multiple mode, use the aaa authentication vlan command with the
multiple-mode keyword, the relevant VLAN ID, and the names of the servers. The VLAN ID is required,
and at least one server must be specified (a maximum of four servers is allowed per VLAN). For example:
-> aaa authentication vlan multiple-mode 2 rad1
-> aaa authentication vlan multiple-mode 3 ldap1
-> aaa authentication vlan multiple-mode 4 ldap1
-> aaa authentication vlan multiple-mode 5 ldap2 ldap3
To disable authenticated VLANs in multiple mode, use the no form of the command and specify the rele-
vant VLAN. Note that the mode does not have to be specified. For example:
-> no aaa authentication vlan 2
This command disables authentication on VLAN 2. VLANs 3, 4, and 5 are still enabled for authentication.
Specifying Accounting Servers
RADIUS and LDAP servers can also keep track of statistics for user authentication sessions. To specify
servers to be used for accounting, use the aaa accounting vlan command with the relevant accounting
server names. (Accounting servers are configured with the aaa ldap-server and aaa radius-server
commands, which are described in Chapter 20, “Managing Authentication Servers.”) Up to four account-
ing servers may be specified. For example:
-> aaa accounting vlan rad1 ldap2
In this example, a RADIUS server (rad1) is used for all accounting of authenticated VLANs; an LDAP
server (ldap2) is specified as a backup accounting server.
If the switch is configured for multiple authority mode, the VLAN ID must be specified. In multiple mode,
a different accounting server (with backups) may be specified for each VLAN. For example:
-> aaa accounting vlan 3 rad1 rad2 ldap1
-> aaa accounting vlan 4 ldap2 ldap3
In this example, rad1 is configured an accounting server for VLAN 3; rad2 and ldap1 are backups that
are only used if the previous server in the list goes down. An LDAP server (ldap2) is configured for
accounting in VLAN 4; the backup server for VLAN 4 is ldap3.
If an external server is not specified with the command, AVLAN user session information will be logged
in the local switch log. For information about switch logging, see Chapter 28, “Using Switch Logging.” In
addition, the keyword local may be used so that logging will be done on the switch if the external server
or servers become unavailable. If local is specified, it must be specified last in the list of servers.
In the following example, single-mode authentication is already set up on the switch, the aaa accounting
vlan command configures a RADIUS server (rad1) for accounting. The local logging feature in the switch
(local) is the backup accounting mechanism.
-> aaa accounting vlan rad1 local