Alcatel-Lucent 6850-48 Guida Di Rete

Configuring Authenticated VLANs

AVLAN Configuration Overview

OmniSwitch AOS Release 6 Network Configuration Guide

page 36-5

1 Enable at least one authenticated VLAN:

-> vlan 2 authentication enable

Note that this command does not create a VLAN; the VLAN must already be created. For information 
about creating VLANs, see 

The VLAN must also have an IP router interface if Telnet or Web browser clients will be authenticating 
into this VLAN. The following command configures an IP router interface on VLAN 2:

-> ip interface vlan-2 address 10.10.2.20 vlan 2

2 Create and enable at least one mobile authenticated port. The port must be in VLAN 1, the default 
VLAN on the switch.

-> vlan port mobile 3/1

-> vlan port 3/1 authenticate enable

3 Set up a DNS path if users will be authenticating through a Web browser:

-> aaa avlan dns auth.company

4 Set up a path to a DHCP server if users will be getting IP addresses from DHCP. The IP helper address 
is the IP address of the DHCP server; the AVLAN default DHCP address is the address of any router port 
configured on the VLAN.

-> ip helper address 10.10.2.5

-> aaa avlan default dhcp 10.10.2.20

If the relay will be used for authentication only, enter the 

-> ip helper avlan only

Note. To check the DNS and DHCP authentication configuration, enter the 

 

command. For example:

-> show aaa avlan config

default DHCP relay address = 192.9.33.222

authentication DNS name

= authent.company.com

For more information about this command, see the OmniSwitch CLI Reference Guide.

5 Configure the switch to communicate with the authentication servers. Use the 

 command. For example:

-> aaa radius-server rad1 host 10.10.1.2 key wwwtoe timeout 3

-> aaa ldap server ldap2 host 199.1.1.1 dn manager password foo base c=us

 for more information about setting up external serv-

ers for authentication.