Datasheet
Alcatel-Lucent Page 85
OmniSwitch 9000
keep backing-off up to 2,147,483,647 and stay fixed at this value until the traffic generation is halted
or reduced. That is even running only one 1G interface at wire rate on the OS6850 will back-off to
2147483647 and stay at this (maximum, safe) sampling rate.
Recommended sampling rates for various speeds at various load:
Sampling Rates
Link Speed Light Load
Medium
Load
Heavy
Load
10Mb/s 256 512 8192*
100Mb/s 512 1024 65536*
1Gb/s 1024 2048 Max*
10Gb/s 2048 4096 Max*
*8192 is the empirical value found in the lab for 10Mbs, 65536 for 100 Mbps
*Max: because the OS6850 always backs-off to a max sampling rate of 2147483647 for wire rate at
these rates. All other values are those recommended by Inmon. Whatever the configured sampling rate,
the back-off mechanism will set the ‘meanskipcount’ higher or lower depending on what is the
‘unaffecting’ sampling rate for the CPU.
TACACS+ Supported platform: OS6800, OS6850, and OS9000
Release 6.1.3.R01 is the first release to support TACACS+ AAA.
AOS implementation is based on the Tacacs+ Protocol: draft-grant-tacacs-02.txt, January 1997.
Overview:
ASA or Authenticated Switch Access to AOS OmniSwitch running 6.1.3.R01 can be configured to add
servers and forward AAA requests to TACACS+. TACACS+ servers are configured similar to
RADIUS or LDAP servers; however, (MD5) encryption key is optional.
AAA authentication and accounting services must be configured to point to the desired TACACS+
server. It is possible to set authentication and authorization to one TACACS+ server and accounting
requests to a different server.
The number of configurable servers and fail over to second server is uniform across all AAA server
types: Up to 4 servers can be configured and all queries will be sent to the 1st server only. If 1st server
is online and user exists on 2nd server, the result will be failed authentication. If the 1st server is down,
authentication and authorization requests will only be sent to “next available” server. If all servers are
down, all logins will fail.
Different AAA services can be configured to query different authentication servers. All services may
use a common authentication protocol or mix of supported protocols: Telnet service may be configured
to query RADIUS while http/ftp may be configured to query TACACS+. Or all may query RADIUS.
Or all may query TACACS+. In all cases accounting server protocol must match
authentication/authorization server protocol.
AOS TACACS+ does not support authentication for network or windows domain access. Only AOS
switch access with Partition Management type domain family attribute/value pairs is supported.
This to say different users or groups of users may be assigned various levels of AOS switch
management privileges.
The TACACS+ servers run as an external server on Unix or Windows. We have tested with CISCO
TACACS+ freeware for Unix and Cisco’s Secure ACSv4.0
TACACS+ uses TCP instead of UDP. Each login and supported command is queried back to the server
for authorization.
TACACS+ configuration is fully supported with AOS WebView.
Notes:
•Tacacs+ supports Authenticated Switch Access and cannot be used for user authentication.
•Authentication and Authorization operations are combined together and cannot be performed
independently. This implies that when Tacacs+ authentication is enabled, Tacacs+ authorization is also
enabled. Disabling Tacacs+ authentication automatically disables authorization.
•A maximum of 50 simultaneous Tacacs+ sessions can be supported, when no other authentication
mechanism is activated. This is a limit enforced by the AAA application.
Power over Ethernet
The Standard in brief
• In IEEE 802.3af standard, POE transmits power over the same pair as the data.
This method is called the resistive detection method.
• In non-802.3af or pre-802.3af standard, POE transmits power over a spare pair (not the
same pair as the data). This method is called the capacitor detection method.
Max power per port
• The max power per port is 18 watts for OS9000. Using 350 milliamps in the standard to
calculate max power, this is based on tight tolerances (+-0.5) for OS9000 POE power supplies (Vmain)
at 52 volts.