Alcatel-Lucent 6600 Switch User Manual


 
Enabling/Disabling VLAN Authentication Configuring VLANs
page 4-12 OmniSwitch 6600 Family Network Configuration Guide April 2006
Enabling/Disabling VLAN Authentication
Layer 2 authentication uses VLAN membership to grant access to network resources. Authenticated
VLANs control membership through a log-in process; this is sometimes called user authentication. A
VLAN must have authentication enabled before it can participate in the Layer 2 authentication process.
To enable/disable authentication on an existing VLAN, use the vlan authentication command. For exam-
ple, the following commands enable authentication on VLAN 955 and disable it on VLAN 455:
-> vlan 955 authentication enable
-> vlan 455 authentication disable
Once authentication is enabled on a VLAN, then only authenticated mobile port devices can join the
VLAN after completing the appropriate log-in process. To enable authentication on a mobile port, use the
vlan port authenticate command. For more information about mobile port commands and Layer 2
authentication for Alcatel switches, see Chapter 7, “Assigning Ports to VLANs,” and Chapter 21, “Config-
uring Authenticated VLANs.”
Configuring VLAN Router Interfaces
Network device traffic is bridged (switched) at the Layer 2 level between ports that are assigned to the
same VLAN. However, if a device needs to communicate with another device that belongs to a different
VLAN, then Layer 3 routing is necessary to transmit traffic between the VLANs. Bridging makes the deci-
sion on where to forward packets based on the packet’s destination MAC address; routing makes the deci-
sion on where to forward packets based on the packet’s IP network address (e.g., IP - 21.0.0.10). For more
information about routing, see Chapter 14, “Configuring IP.”
A VLAN is available for routing IP traffic when an IP router interface is defined for that VLAN and at
least one active port has joined the VLAN. Each VLAN supports up to eight IP router interfaces. The
maximum number of IP interfaces allowed per stack of switches is 4096. If a VLAN does not have an IP
router interface, the ports associated with that VLAN are in essence firewalled from other VLANs.
Note that at this time, IPX routing is not supported on the OmniSwitch 6600 Family. For information
about how to configure an IP router interface, see Chapter 14, “Configuring IP.”
What is Single MAC Router Mode?
The OmniSwitch 6600 Family operates only in single MAC router mode. In this mode, each router VLAN
is assigned the same MAC address, which is the base chassis MAC address for the switch. As a result, up
to 4094 VLANs per single switch or per stack of switches can have IP router interfaces defined. This also
eliminates the need to allocate additional MAC addresses if more than 32 router VLANs are defined.
To determine the total number of VLANs configured on the switch, and the number of VLANs with IP
router interfaces configured, use the show vlan router mac status command. For more information about
this command, see the OmniSwitch CLI Reference Guide.