Alcatel-Lucent 6850-48 ネットワークガイド
Setting Up the DHCP Server
Configuring Authenticated VLANs
page 36-30
OmniSwitch AOS Release 6 Network Configuration Guide
September 2009
Before Authentication
Normally, authentication clients cannot traffic in the default VLAN, so authentication clients do not
belong to any VLAN when they connect to the switch. Even if DHCP relay is enabled, the DHCP discov-
ery process cannot take place. To address this issue, a DHCP gateway address must be configured so that
the DHCP relay “knows” which router port address to use for serving initial IP addresses. (See
belong to any VLAN when they connect to the switch. Even if DHCP relay is enabled, the DHCP discov-
ery process cannot take place. To address this issue, a DHCP gateway address must be configured so that
the DHCP relay “knows” which router port address to use for serving initial IP addresses. (See
address.)
Note. The switch may be set up so that authentication clients will belong to the default VLAN prior to
authentication (see
authentication (see
). If a DHCP
server is located in the default VLAN, clients may obtain initial IP addresses from this server without
using a relay. However, the DHCP server is typically not located in a default VLAN because it is more
difficult to manage from an authenticated part of the network.
using a relay. However, the DHCP server is typically not located in a default VLAN because it is more
difficult to manage from an authenticated part of the network.
After Authentication
When the client authenticates, the client is moved into the allowed VLAN based on VLAN information
sent from an authentication server (single mode authority) or based on VLAN information configured
directly on the switch (multiple mode authority).
sent from an authentication server (single mode authority) or based on VLAN information configured
directly on the switch (multiple mode authority).
For information about authentication server authority modes, see
After authentication a client may be moved into a VLAN in which the client’s current IP address does not
correspond. This will happen if the DHCP gateway address for assigning initial IP addresses is the router
port of an authenticated VLAN to which the client does not belong. (See
correspond. This will happen if the DHCP gateway address for assigning initial IP addresses is the router
port of an authenticated VLAN to which the client does not belong. (See
.)
In this case, clients will send DHCP release/renew requests to get an address in the authenticated VLAN to
which they have access; DHCP relay must be enabled so that the request can be forwarded to the appropri-
ate VLAN.
which they have access; DHCP relay must be enabled so that the request can be forwarded to the appropri-
ate VLAN.
Note. Telnet clients typically require manual configuration for IP address release/renew. Web browser
clients will initiate their release/renew process automatically.
clients will initiate their release/renew process automatically.
Enabling DHCP Relay for Authentication Clients
To enable DHCP relay, specify the DHCP server with the
command.
-> ip helper address 10.10.2.3
DHCP is automatically enabled on the switch whenever a DHCP server address is defined. For more infor-
mation about using the ip helper address command, see
mation about using the ip helper address command, see
If multiple DHCP servers are used, one IP address must be configured for each server. The default VLAN
DHCP gateway must also be specified so that Telnet and Web browser clients can obtain IP addresses
prior to authentication. See the next section for more information.
DHCP gateway must also be specified so that Telnet and Web browser clients can obtain IP addresses
prior to authentication. See the next section for more information.
If you want to specify that the relay only be used for packets coming in on an authenticated port, enter the
command.
-> ip helper avlan only