Alcatel-Lucent 6850-48 ネットワークガイド
Managing Authentication Servers
RADIUS Servers
OmniSwitch AOS Release 6 Network Configuration Guide
September 2009
page 35-9
RADIUS Servers
RADIUS is a standard authentication and accounting protocol defined in RFC 2865 and RFC 2866. A
built-in RADIUS client is available in the switch. A RADIUS server that supports Vendor Specific
Attributes (VSAs) is required. The Alcatel-Lucent attributes may include VLAN information, time-of-day,
or slot/port restrictions.
built-in RADIUS client is available in the switch. A RADIUS server that supports Vendor Specific
Attributes (VSAs) is required. The Alcatel-Lucent attributes may include VLAN information, time-of-day,
or slot/port restrictions.
RADIUS Server Attributes
RADIUS servers and RADIUS accounting servers are configured with particular attributes defined in RFC
2138 and RFC 2139, respectively. These attributes carry specific authentication, authorization, and config-
uration details about RADIUS requests to and replies from the server. This section describes the attributes
and how to configure them on the server.
2138 and RFC 2139, respectively. These attributes carry specific authentication, authorization, and config-
uration details about RADIUS requests to and replies from the server. This section describes the attributes
and how to configure them on the server.
Standard Attributes
The following tables list RADIUS server attributes 1–39 and 60–63, their descriptions, and whether the
Alcatel-Lucent RADIUS client in the switch supports them. Attribute 26 is for vendor-specific informa-
tion and is discussed in
Alcatel-Lucent RADIUS client in the switch supports them. Attribute 26 is for vendor-specific informa-
tion and is discussed in
. Attributes 40–59 are
.
Num. Standard Attribute
Notes
1 User-Name
Used in access-request and account-request packets.
2 User-Password
—
3 CHAP-Password
Not supported.
4 NAS-IP-Address
Sent with every access-request. Specifies which switches a
user may have access to. More than one of these attributes is
allowed per user.
user may have access to. More than one of these attributes is
allowed per user.
5 NAS-Port
Virtual port number sent with access-request and account-
request packets. Slot/port information is supplied in attribute
26 (vendor-specific).
request packets. Slot/port information is supplied in attribute
26 (vendor-specific).
6
7
8
9
7
8
9
10
11
12
13
14
15
16
11
12
13
14
15
16
Service-Type
Framed-Protocol
Framed-IP-Address
Framed-IP-Netmask
Framed-Routing
Filter-Id
Framed-MTU
Framed-Compression
Login-IP-Host
Login-Service
Login-TCP-Port
Framed-Protocol
Framed-IP-Address
Framed-IP-Netmask
Framed-Routing
Filter-Id
Framed-MTU
Framed-Compression
Login-IP-Host
Login-Service
Login-TCP-Port
Not supported. These attributes are used for dial-up sessions;
not applicable to the RADIUS client in the switch.
not applicable to the RADIUS client in the switch.
17 Unassigned
—
18 Reply-Message
Multiple reply messages are supported, but the length of all
the reply messages returned in one access-accept or access-
reject packet cannot exceed 256 characters.
the reply messages returned in one access-accept or access-
reject packet cannot exceed 256 characters.