Alcatel-Lucent 6850-48 网络指南
Configuring Authenticated VLANs
Configuring Authenticated VLANs
OmniSwitch AOS Release 6 Network Configuration Guide
September 2009
page 36-27
Configuring Authentication IP Addresses
Authentication clients connect to an IP address on the switch for authentication. (Web browser clients may
enter a DNS name rather than the IP address; see
enter a DNS name rather than the IP address; see
router interface is set up for an authenticated VLAN (through the
command), the switch auto-
matically sets up an authentication address for that authenticated VLAN based on the router interface
address. The authentication address uses the same mask as the router interface address and includes .253 at
the end of the address.
address. The authentication address uses the same mask as the router interface address and includes .253 at
the end of the address.
For example, if the router port address for authenticated VLAN 3 is 10.10.2.20, the authentication address
will be 10.10.2.253. This address is modifiable through the
will be 10.10.2.253. This address is modifiable through the
command; the address,
however, must use the same mask as the router port address. For example:
-> avlan auth-ip 3 10.10.2.80
This changes the authentication address for VLAN 3 to 10.10.2.80. The authentication IP address is also
used for the DNS address (see
used for the DNS address (see
When modifying the authentication address for a specific VLAN, make sure the following is true:
• The new IP address does not match an IP router interface address for the same VLAN. IP address reso-
lution problems can occur if these two addresses are not unique.
• The new IP address is an address that is local to the network segment on which the client is connected
The binding of the VLAN to the authentication IP address is to provide flexibility for the network
administrator to assign a designated IP address for respective user network segments.
administrator to assign a designated IP address for respective user network segments.
To display authentication addresses, use the
command.
Setting Up the Default VLAN for Authentication Clients
By default, authentication users cannot traffic in the default VLAN prior to authentication; however, the
switch may be configured to enable the default VLAN so that users may traffic in the default VLAN prior
to authentication.
switch may be configured to enable the default VLAN so that users may traffic in the default VLAN prior
to authentication.
The default VLAN is the default VLAN for the authentication port, the physical port through which
authentication clients are connected to the switch. The authentication port is specified through the
authentication clients are connected to the switch. The authentication port is specified through the
command. See
Use the
command to enable the default VLAN for authentication traffic.
-> avlan default-traffic enable
When this command is enabled, any authentication client initially belongs to the default VLAN of the
authentication port through which the client is connected. After authentication, if a client is removed from
an authenticated VLAN through the aaa avlan no command, the client is moved to the default VLAN.
authentication port through which the client is connected. After authentication, if a client is removed from
an authenticated VLAN through the aaa avlan no command, the client is moved to the default VLAN.
To disable any default VLAN for authentication traffic, use the disable keyword with the command:
-> avlan default-traffic disable
WARNING: Traffic on default vlan is DISABLED.
Existing users on default vlan are not flushed.
Users now do not belong to and cannot traffic in the default VLAN prior to authentication. Note that any
existing users in the default VLAN are not flushed.
existing users in the default VLAN are not flushed.