| Clients | Authentication Methods |
| --- | --- |
| MAC-based Authentication clients | PAP |
| VPN clients | PAP with an external authentication server; CN lookup with an external authentication server |
| VIA and other VPN clients | PAP method and CN lookup |
| Wireless Internet Service Provider roaming (WISPr) clients | PAP |
In this initial release, the external authentication server can be either a RADIUS server or an LDAP server.
Supported Key Reply Attributes
The following key reply attributes are supported:
- ARUBA_NAMED_VLAN
- ARUBA_NO_DHCP_FINGERPRINT
- ARUBA_ROLE
- ARUBA_VLAN
- MS_TUNNEL_MEDIUM_TYPE
- MS_TUNNEL_PRIVATE_GROUP_ID
- MS_TUNNEL_TYPE
- PW_SESSION_TIMEOUT
- PW_USER_NAME
Support Restrictions
The authentication survivability feature has the following support restrictions:
- The Survival Server cache database is station-based (the MAC address is the key), so authentication survivability is not supported for any station with a zero MAC address.
- For a client using EAP-TLS, you must install the issuer certificate of the Survival Server certificate as a TrustedCA certificate on the client station.
- For an 802.1X client using EAP-TLS that does not terminate at the switch, the issuer certificate for the client certificate must be imported as a TrustedCA or an intermediateCA certificate at the switch, just as the same certificate must be installed at the terminating External RADIUS server.
- The Survival Server supports neither the Online Certificate Status Protocol (OCSP) nor the Certificate Revocation List (CRL) for EAP-TLS.
- Authentication survivability will not activate if Authentication Server Dead Time is configured as 0.
  To configure Authentication Server Dead Time, on the switch, navigate to: Configuration > SECURITY > Authentication > Advanced > Authentication Timers > Authentication Server Dead Time (min).
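The restrictions above can be checked against a station inventory before relying on survivability. The following Python code is an added example, not part of the AOS-W guide or any vendor tooling; the inventory format, the field names (`mac`, `eap_tls`, `issuer_trusted`) and the function names are assumptions made for illustration.

```python
import re

ZERO_MAC = "0" * 12

def normalize_mac(mac):
    """Return 12 lowercase hex digits; accepts ':', '-' and '.' separators."""
    digits = re.sub(r"[:.\-]", "", mac.strip()).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits

def survivability_findings(dead_time_min, stations):
    """Map each station MAC to the restrictions from this section that apply.

    `stations` is a hypothetical inventory: dicts with `mac`, `eap_tls` and
    `issuer_trusted` (Survival Server issuer cert installed as TrustedCA).
    """
    report = {}
    for st in stations:
        findings = []
        if dead_time_min == 0:
            findings.append("BLOCK: Authentication Server Dead Time is 0")
        if normalize_mac(st["mac"]) == ZERO_MAC:
            findings.append("BLOCK: zero MAC address, no cache key")
        if st.get("eap_tls"):
            if not st.get("issuer_trusted"):
                findings.append("BLOCK: issuer certificate not a TrustedCA on client")
            # Applies to every EAP-TLS station: revocation status is not checked.
            findings.append("WARN: no OCSP/CRL revocation check on Survival Server")
        report[st["mac"]] = findings
    return report

# Constructed sample inventory (not real stations).
SAMPLE = [
    {"mac": "00:1A:2B:3C:4D:5E", "eap_tls": False},
    {"mac": "0000.0000.0000", "eap_tls": False},
    {"mac": "00-1a-2b-3c-4d-5f", "eap_tls": True, "issuer_trusted": False},
    {"mac": "00:1a:2b:3c:4d:60", "eap_tls": True, "issuer_trusted": True},
]

if __name__ == "__main__":
    for mac, findings in survivability_findings(10, SAMPLE).items():
        print(mac, findings or ["OK"])
```

The WARN entry is attached to every EAP-TLS station because it describes a property of the Survival Server itself, so it cannot be cleared by client-side configuration.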
Administrative Functions
This section describes the scenarios that illustrate the functionality that the authentication survivability feature
provides. For more information, see:
- WAN Failure (Authentication) Survivability on page 218
AOS-W 6.5.3.x | User Guide BranchSwitch Config for Cloud Services Switches | 219