Alcatel-Lucent OmniSwitch 6860 Series

To Next Page

To Previous Page

Managing Authentication Servers RADIUS Servers

OmniSwitch AOS Release 8 Network Configuration Guide December 2017 page 31-7

RADIUS Servers

RADIUS is a standard authentication and accounting protocol defined in RFC 2865 and RFC 2866. A

built-in RADIUS client is available in the switch. A RADIUS server that supports Vendor Specific

Attributes (VSAs) is required. The Alcatel-Lucent Enterprise attributes can include VLAN information,

time-of-day, or slot/port restrictions.

RADIUS Server Attributes

RADIUS servers and RADIUS accounting servers are configured with particular attributes defined in RFC

2138, RFC 2139, and RFC 3162 respectively. These attributes carry specific authentication, authorization,

and configuration details about RADIUS requests to and replies from the server. This section describes the

attributes and how to configure them on the server.

Standard Attributes

The following tables list RADIUS server attributes 1–39 and 60–63, their descriptions, and whether the

Alcatel-Lucent Enterprise RADIUS client in the switch supports them. Attribute 26 is for vendor-specific

information and is discussed in “Vendor-Specific Attributes for RADIUS” on page 31-9. Attributes 40–59

are used for RADIUS accounting servers and are listed in “RADIUS Accounting Server Attributes” on

page 31-10. Attributes 95–100 used for RADIUS servers to support IPv6 network access are listed

in“Configuring the RADIUS Client” on page 31-11

Num. Standard Attribute Notes

1 User-Name Used in access-request and account-request packets.

2 User-Password —

3 CHAP-Password Not supported.

4 NAS-IP-Address Sent with every access-request. Specifies which switches a

user can have access to. More than one of these attributes is

allowed per user.

5 NAS-Port Virtual port number sent with access-request and account-

request packets. Slot/port information is supplied in attribute

26 (vendor-specific).

6Service-Type Framed-User (2) if authentication request type is:

- supplicant/802.1x authentication

- captive-portal authentication

- ASA authentication

Call-Check (10) if authentication request type is:

- MAC based authentication

Related product manuals