AOS-W 6.5.3.x | User Guide Authentication Servers | 178
Chapter 8
Authentication Servers
The AOS-W software allows you to use an external authentication server or the switch's internal user database to
authenticate clients who need to access the wireless network.
This chapter describes the following topics:
• Understanding Authentication Server Best Practices and Exceptions on page 178
• Understanding Servers and Server Groups on page 178
• Configuring Authentication Servers on page 179
• Managing the Internal Database on page 196
• Configuring Server Groups on page 199
• Assigning Server Groups on page 205
• Configuring Authentication Timers on page 210
• Authentication Server Load Balancing on page 211
Understanding Authentication Server Best Practices and Exceptions
• For an external authentication server to process requests from the Alcatel-Lucent switch, you must
configure the server to recognize the switch. Refer to the vendor documentation for information on
configuring the authentication server.
• To configure Microsoft’s IAS and Active Directory, see the following links:
  ◦ http://technet2.microsoft.com/windowsserver/en/technologies/ias.mspx
  ◦ http://www.microsoft.com/en-us/server-cloud/windows-server/active-directory.aspx
Understanding Servers and Server Groups
AOS-W supports the following external authentication servers:
• RADIUS (Remote Authentication Dial-In User Service)
• LDAP (Lightweight Directory Access Protocol)
• TACACS+ (Terminal Access Controller Access Control System)
• Windows (for stateful NTLM authentication)
Starting with AOS-W 6.4, you can configure a maximum of 128 servers each of the LDAP, RADIUS, and TACACS types on
the switch.
Additionally, you can use the switch’s internal database to authenticate users. You create entries in the
database for users, their passwords, and their default role.
You can create groups of servers for specific types of authentication. For example, you can specify one or more
RADIUS servers to be used for 802.1X authentication. The list of servers in a server group is an ordered list.
This means that the first server in the list is always used unless it is unavailable, in which case the next server in
the list is used. You can configure servers of different types in one group. For example, you can include the
internal database as a backup to a RADIUS server.
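
The ordered selection described above can be modeled as follows. This is an added example, not AOS-W code: the `Server` class, the server names, and the credentials are constructed, and it assumes that an accept or reject from a reachable server is final, which is what "always used unless it is unavailable" implies.

```python
from dataclasses import dataclass, field

ACCEPT, REJECT, UNAVAILABLE = "accept", "reject", "unavailable"

@dataclass
class Server:
    name: str
    users: dict = field(default_factory=dict)  # constructed store: user -> password
    up: bool = True

    def check(self, user, password):
        if not self.up:
            return UNAVAILABLE
        return ACCEPT if self.users.get(user) == password else REJECT

def authenticate(group, user, password):
    """Walk the ordered group; return (result, answering server, skipped servers)."""
    skipped = []
    for server in group:
        result = server.check(user, password)
        if result == UNAVAILABLE:
            skipped.append(server.name)  # only unavailability moves down the list
            continue
        return result, server.name, skipped  # assumption: accept or reject is final
    return UNAVAILABLE, None, skipped

def demo_group(radius_up=True):
    # Constructed sample data: a RADIUS server backed up by the internal database.
    radius = Server("radius-1", {"alice": "new-pass"}, up=radius_up)
    internal = Server("internal", {"alice": "old-pass", "breakglass": "s3cret"})
    return [radius, internal]

if __name__ == "__main__":
    for up in (True, False):
        group = demo_group(radius_up=up)
        for user, pw in (("alice", "new-pass"), ("alice", "old-pass"),
                         ("breakglass", "s3cret")):
            print(f"radius up={up!s:5} {user:10} {pw:9} ->",
                  authenticate(group, user, pw))
```

While the first server is reachable, accounts that exist only in the backup are never consulted; once it is unreachable, whatever the backup holds (including a stale password) becomes the effective credential set. Entries in a backup database therefore need the same review and rotation as the primary.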