Alcatel-Lucent AOS-W 6.5.3.x - WAN Failure (Authentication) Survivability

To Next Page

To Previous Page

218| BranchSwitch Config for Cloud Services Switches AOS-W 6.5.3.x| User Guide

switch configuration. If the branch switch cannot reconnect to the primary master switch during this

switchover timeout period, and the secondary switch is up and reachable, the branch switch reloads and

associates to the secondary switch as the new master. The branch switch then synchronizes its branch and

global configuration settings from the new master, and reloads again to apply those settings.

WAN Failure (Authentication) Survivability

This section contains the following information about the authentication survivability feature. This feature is

supported on OAW-40xx Seriesswitches.

n Supported Client and Authentication Types

n Administrative Functions

n About the Survival Server

n Trigger Conditions for Critical Actions

n Authentication for Captive Portal Clients

n Authentication for 802.1X Clients

n Authentication for MAC Address-Based Clients

n Authentication for WISPr Clients

Authentication survivability allows switches to provide client authentication and authorization survivability

when remote authentication servers are not accessible. It stores user access credentials, as well as key reply

attributes, whenever clients are authenticated with external RADIUS servers or LDAP authentication servers.

When external authentication servers are not accessible, the switch uses its local Survival Server to continue

providing authentication and authorization functions by using the user access credentials and key reply

attributes that were stored earlier.

Authentication survivability is critical to WLANs managed by branch switches since most branch switches use

geographically remote authentication servers to provide authentication and authorization services. When

those authentication servers are not accessible, clients can't access the WLAN because the branch switch can't

authenticate them.

This feature can be configured for branch switches using the Smart Config WebUI, or for master and local switches

using the aaa auth-survivability commands in the command-line interface. For details on configuring this feature

using the Smart Config WebUI, see WAN Configuration on page 251.

Supported Client and Authentication Types

The following combination of clients and authentication types are supported with the authentication

survivability feature (see Table 55):

Table 55: Clients and Supported Authentication Types

Clients Authentication Methods

Captive Portal clients Password Authentication Protocol (PAP)

802.1X clients n Termination disabled: Extensible Authentication Protocol-Transport

Layer Security (EAP-TLS) with an external RADIUS server

n Termination enabled: EAP-TLS with Common Name (CN) lookup with an

external authentication server

External Captive Portal clients using

the XML-API

PAP