Alcatel-Lucent omniaccess User Manual
Configuring 802.1x Security
135
Chapter 11
3
Configure the authentication servers.
z
This is the authentication server to which the switch will send authen-
tication requests. To add an authentication server, click
tication requests. To add an authentication server, click
Add
under
Choose an Authentication Server
. Select the internal database option to
use the local database on the switch for MAC-based authentication.
z
From the pull down menu select the RADIUS server that will be the pri-
mary authentication server. Click
mary authentication server. Click
Add
after making the choice.
z
To add multiple auth servers repeat these steps for each server.
The servers appear in the order of descending priority. The first entry is always
the primary server. To change the order, use the
the primary server. To change the order, use the
S or T arrows to the right of
the entry to move it higher up or lower down in the list.
4
Click
Apply
to apply the changes made. Verify that the changes made
have taken effect on the resultant page.
Configuring Users
This section explains how to configure users in the local database for
MAC-based authentication:
MAC-based authentication:
To authenticate users using MAC-authentication by adding a user to the local
database:
database:
1. Under the
Configuration
tab, navigate to the
Security > AAA Servers > Internal
Database
page.
z
Under the
Users
section click
Add User
. This opens the
Add User
page.
Authentication
Failure
Threshold for
Station
Blacklisting
This specifies the
number of times a user
can try to login with
wrong credentials after
which the user will be
blacklisted as a security
threat. Default : 3
number of times a user
can try to login with
wrong credentials after
which the user will be
blacklisted as a security
threat. Default : 3
Integer
Set value to 0 to
disable
blacklisting.
disable
blacklisting.
Set to a non zero
integer value to
blacklist after the
specified number
of failures. This is
a security feature.
integer value to
blacklist after the
specified number
of failures. This is
a security feature.