User guide

September 2009
OmniSwitch 6400/6850/6855/9000/9000E Release 6.4.2.R01 Page 27 of 79
the switch is ACE/Server, which is part of RSA Security’s SecurID product suite. RSA Security’s
ACE/Agent is embedded in the switch.
By default, switch management users may be authenticated through the console port via the local user
database. If external servers are configured for other management interfaces but those servers become
unavailable, the switch falls back to the local user database for login information, provided the switch is
configured for local checking of the user database. The database records whether or not a user is
allowed to log into the switch and what privileges or rights the user has for managing the switch.
Authenticated VLANs
Authenticated VLANs control user access to network resources based on VLAN assignment and a user
log-in process; the process is sometimes called user authentication or Layer 2 Authentication. (Another
type of security is device authentication, which is set up through the use of port-binding VLAN
policies or static port assignment.)
The total number of possible AVLAN users is 2K per system, not to exceed 1K per module or
stackable unit. This is the total number of users across all authenticated clients, including AVLAN
clients and 802.1X supplicants or non-supplicants. The OmniSwitch supports the use of all
authentication methods and Learned Port Security (LPS) on the same port.
Layer 2 Authentication is different from Authenticated Switch Access, which is used to grant
individual users access to manage the switch.
The following table lists the platforms and browsers supported for AVLAN web authentication:

Platforms Supported | Web Browser Supported                         | Java Version
Windows 2000        | IE6                                           | Java 1.6 update 5 through 12
Windows XP          | IE6, IE7, Firefox 2, Firefox 3, Netscape 9.0  | Java 1.6 update 5 through 12
Windows Vista       | IE7, Firefox 3, Netscape 9.0                  | Java 1.6 update 5 through 12
Linux               | Netscape 4.75 and later                       | --
MAC OS 10.5         | Safari 3.0.4                                  | Java 12.0
Automatic VLAN Containment (AVC)
In an 802.1s Multiple Spanning Tree (MST) configuration, it is possible for a port that belongs to a
VLAN, which is not a member of an instance, to become the root port for that instance. This can cause
a topology change that could lead to a loss of connectivity between VLANs/switches. Enabling
Automatic VLAN Containment (AVC) helps to prevent this from happening by making such a port an
undesirable choice for the root.
When AVC is enabled, it identifies undesirable ports and automatically configures them with an
infinite path cost value.
Balancing VLANs across links according to their Multiple Spanning Tree Instance (MSTI) grouping is
highly recommended to ensure that there is not a loss of connectivity during any possible topology
changes. Enabling AVC on the switch is another way to prevent undesirable ports from becoming the
root for an MSTI.
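The root-port problem described above, as an added model (not code from the release notes or from the OmniSwitch software): a port carrying only VLANs that are not mapped to an MSTI can still win root-port selection on raw path cost, and AVC prevents that by treating its cost as infinite. Port names, VLAN numbers and costs are constructed sample data.

```python
"""Model of MSTI root-port selection with and without Automatic VLAN
Containment (AVC). Sample data is constructed for illustration."""
from dataclasses import dataclass

INFINITE_COST = float("inf")  # AVC assigns an "infinite" path cost


@dataclass
class Port:
    name: str
    vlans: set            # VLANs the port carries
    root_path_cost: int   # cost to the root bridge through this port


@dataclass
class Msti:
    instance: int
    vlans: set            # VLANs mapped to this instance


def effective_cost(port: Port, msti: Msti, avc_enabled: bool) -> float:
    """With AVC, a port that carries none of the instance's VLANs is an
    undesirable root-port candidate and gets an infinite path cost."""
    if avc_enabled and not (port.vlans & msti.vlans):
        return INFINITE_COST
    return port.root_path_cost


def select_root_port(ports, msti: Msti, avc_enabled: bool):
    """Return the name of the lowest-cost usable port, or None if every
    candidate has infinite cost (no acceptable root port)."""
    best, best_cost = None, INFINITE_COST
    for port in ports:
        cost = effective_cost(port, msti, avc_enabled)
        if cost < best_cost:
            best, best_cost = port, cost
    return best.name if best else None


# Constructed sample: MSTI 1 carries VLANs 10 and 20. Port 1/2 is cheaper
# but only carries VLAN 30, which is not a member of the instance.
SAMPLE_MSTI = Msti(instance=1, vlans={10, 20})
SAMPLE_PORTS = [
    Port("1/1", vlans={10}, root_path_cost=20),
    Port("1/2", vlans={30}, root_path_cost=10),
]

if __name__ == "__main__":
    print("AVC off:", select_root_port(SAMPLE_PORTS, SAMPLE_MSTI, False))
    print("AVC on: ", select_root_port(SAMPLE_PORTS, SAMPLE_MSTI, True))
```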
Bi-Directional Forwarding Detection (BFD)
Bidirectional Forwarding Detection (BFD) is a hello protocol that can be configured to interact with
routing protocols for the detection of path failures and can reduce the convergence time in a network.