224| BranchSwitch Config for Cloud Services Switches AOS-W 6.5.3.x| User Guide
Table 61: WISPr Authentication Using PAP
When Authentication Servers Are Available
When Authentication Servers Are Not
Available
For a WISPr client authenticated by an external server using
PAP:
n If authentication succeeds, the associated access
credential, along with an encrypted SHA-1 hash of the
password and Key Reply attributes, are stored in the
Survival Server database.
n If authentication fails, the associated access credential
and Key Reply attributes (if they exist) associated with
the PAP method are deleted from the Survival Server
database.
When there is no available in-service server in the
associated server group, the Survival Server
authenticates the WISPr client using PAP.
Upon successful authentication, the Survival Server
uses the previously stored unexpired credential to
perform authentication, and returns the previously
stored Key Reply attributes .
WAN Health Check
The health-check feature uses ping-probes to measure WAN availability and latency on selected uplinks. Based
upon the results of this health-check information, the switch can continue to use its primary uplink, or failover
to a backup link. Latency is calculated based on the round-trip time (RTT) of ping responses. The results of this
health check appear in the WAN section of the Monitoring Dashboard.
For details on configuring this feature using the Smart Config WebUI, see WANHealth Check on page 252.
WAN Optimization through IP Payload Compression
Data compression reduces the size of data frames that are transmitted over a network link, thereby reducing
the time required to transmit the frame across the network. IP payload compression is one of the key features
of the WAN bandwidth optimization solution, which is comprised of the following elements:
n IP Payload Compression
n Traffic Management and QoS
n Caching
Since the branch switch can send traffic to destinations other than the corporate headquarters on the same
link, the preferred method is to enable payload compression on the IPsec tunnel between the branch switch
and the master switch.
IP payload should be enabled only between Alcatel-Lucent devices. When this hardware-based compression feature
is enabled, the quality of unencrypted traffic (such as Skype4b or Voice traffic) is not compromised through increased
latency or decreased throughput.
Starting from AOS-W 6.5.1, WAN optimization through IP payload compression is supported in OAW-4450
switches.
Distributed Layer 3 Branch Deployment Model
In the branch deployment model shown in Figure 40, the IPsec tunnels are terminated on the master switch.
IPsec tunnels are treated as master-local tunnels.
Figure 40 Branch Deployment Model with Master Switch in HQ
To Next Page
Loading...