Managing Authentication Servers Server Overview
OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 29-5
Server Overview
Authentication servers are sometimes referred to as AAA servers (authentication, authorization, and
accounting). These servers are used for storing information about users who want to manage the switch
(Authenticated Switch Access) and users who need access to a particular VLAN or VLANs
(Authenticated VLANs).
RADIUS, TACACS+, or LDAP servers can be used for Authenticated Switch Access and/or
Authenticated VLANs. Another type of server, SecurID ACE/Server, can be used for authenticated switch access
only; the ACE/Server is an authentication-only server (no authorization or accounting). Only RADIUS
servers are supported for 802.1X Port-based Network Access Control.
The following table describes how each type of server can be used with the switch:
Backup Authentication Servers
Each RADIUS, TACACS+, and LDAP server can have one backup host (of the same type) configured
through the aaa radius-server, aaa tacacs+-server, and aaa ldap-server commands, respectively. In
addition, each authentication method (Authenticated Switch Access, Authenticated VLANs, or 802.1X)
can specify a list of backup authentication servers that includes servers of different types (if supported on
the feature).
The switch uses the first available authentication server to attempt to authenticate users. If user
information is not found on the first available server, the authentication attempt fails.
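The first-available rule above, combined with the server support table on this page, as an added Python model (not AOS code or CLI syntax). The server names, credentials and feature labels are constructed for illustration.

```python
# Added model of the server-selection rule; not AOS code. All names are assumptions.
from dataclasses import dataclass, field

# Server type -> features it supports, transcribed from the table on this page.
# "switch-access-snmp" is a label made up here for the table's SNMP notes.
SUPPORTED = {
    "ACE/Server": {"switch-access"},
    "RADIUS": {"switch-access", "avlan", "802.1x"},
    "TACACS+": {"switch-access", "switch-access-snmp", "avlan"},
    "LDAP": {"switch-access", "switch-access-snmp", "avlan"},
}

@dataclass
class Server:
    name: str
    kind: str
    reachable: bool = True
    users: dict = field(default_factory=dict)  # constructed username -> password

def unsupported(feature, servers):
    """Names of servers whose type the table does not allow for this feature."""
    return [s.name for s in servers if feature not in SUPPORTED[s.kind]]

def authenticate(feature, servers, user, password):
    """Return (accepted, deciding_server) under the first-available rule."""
    bad = unsupported(feature, servers)
    if bad:
        raise ValueError(f"{bad} cannot serve {feature}")
    for s in servers:
        if not s.reachable:
            continue  # only an unavailable server is skipped
        # The first available server decides; a user missing here is a
        # failure, and later servers in the list are never consulted.
        return s.users.get(user) == password, s.name
    return False, None  # assumption of this model: no server available, no access

def demo():
    servers = [  # constructed sample: primary down, user lists not in sync
        Server("rad1", "RADIUS", reachable=False, users={"alice": "pw-a"}),
        Server("ldap1", "LDAP", users={"bob": "pw-b"}),
        Server("tac1", "TACACS+", users={"alice": "pw-a"}),
    ]
    return (authenticate("switch-access", servers, "alice", "pw-a"),
            authenticate("switch-access", servers, "bob", "pw-b"),
            unsupported("802.1x", servers))

if __name__ == "__main__":
    print(demo())
```

In the sample, alice exists on the unreachable primary and on the third server, yet her login fails because the first available server does not know her; backup servers therefore need the same user data as the primary.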
Authenticated Switch Access
When RADIUS, TACACS+, and/or LDAP servers are set up for Authenticated Switch Access, the switch
polls the server for user login information. The switch also polls the server for privilege information
(authorization) if it has been configured on the server; otherwise, the local user database is polled for the
privileges.
For RADIUS, TACACS+, and LDAP, additional servers can be configured as backups.
Server Type   Authenticated Switch Access   Authenticated VLANs   802.1X Port-Based Network Access Control
ACE/Server    yes (except SNMP)             no                    no
RADIUS        yes (except SNMP)             yes                   yes
TACACS+       yes (including SNMP)          yes                   no
LDAP          yes (including SNMP)          yes                   no