
August 2008
Page 12 of 55 OmniSwitch 6400------ Release 6.3.3.R01
Feature Descriptions
802.1AB with MED Extensions
IEEE 802.1AB (2005) is the latest version of the standards-based connectivity discovery protocol. The
purpose of the IEEE standard 802.1AB for Link Layer Discovery Protocol (LLDP) is to provide support
for network management software, such as OmniVista, that deals with topology discovery. Switches that
are compliant with 802.1AB use TLV (Type, Length, Value) frames to exchange information with
neighboring devices and maintain a database of the information exchanged. The Link Layer Discovery
Protocol-Media Endpoint Discovery (LLDP-MED) is designed to extend IEEE 802.1AB functionality to
exchange information such as VLANs and power capabilities.
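The TLV exchange described above, as an added example that is not part of the original release notes or of the switch software: a parser that validates every TLV length before a neighbor's LLDPDU is stored. The function names and the sample bytes are constructed for illustration; the 7-bit type / 9-bit length header, the mandatory TLV order and the OUIs follow IEEE 802.1AB and LLDP-MED rather than this page.

```python
import struct

# OUIs seen in organizationally specific TLVs (type 127)
ORG_OUIS = {b"\x00\x80\xc2": "IEEE 802.1", b"\x00\x12\xbb": "TIA LLDP-MED"}
MANDATORY = (1, 2, 3)  # Chassis ID, Port ID, TTL open every LLDPDU, in this order

class LLDPError(ValueError):
    """Raised for any LLDPDU that must be discarded rather than stored."""

def tlv(tlv_type, value):
    """Encode one TLV: 7-bit type and 9-bit length packed into 2 bytes, then the value."""
    if not 0 <= tlv_type <= 127 or len(value) > 511:
        raise ValueError("type or length does not fit the TLV header")
    return struct.pack("!H", (tlv_type << 9) | len(value)) + value

def parse_lldpdu(data):
    """Return [(type, value), ...] up to the End TLV, validating every length."""
    tlvs, off = [], 0
    while True:
        if off + 2 > len(data):
            raise LLDPError("LLDPDU ends without an End TLV")
        (hdr,) = struct.unpack_from("!H", data, off)
        tlv_type, length = hdr >> 9, hdr & 0x01FF
        off += 2
        if off + length > len(data):
            raise LLDPError(f"TLV type {tlv_type} claims {length} bytes, frame is shorter")
        if tlv_type == 0:
            break  # End of LLDPDU; trailing padding is ignored
        tlvs.append((tlv_type, data[off:off + length]))
        off += length
    if tuple(t for t, _ in tlvs[:3]) != MANDATORY:
        raise LLDPError("Chassis ID, Port ID and TTL TLVs missing or out of order")
    return tlvs

def org_specific(tlvs):
    """Decode type-127 TLVs into (organization, subtype, payload) tuples."""
    out = []
    for tlv_type, value in tlvs:
        if tlv_type == 127:
            if len(value) < 4:
                raise LLDPError("organizationally specific TLV shorter than OUI + subtype")
            out.append((ORG_OUIS.get(value[:3], value[:3].hex()), value[3], value[4:]))
    return out

# Constructed sample LLDPDU (not captured traffic): MAC chassis ID, port "1/1",
# TTL 120 s, 802.1 Port VLAN ID 10, and an LLDP-MED Capabilities TLV.
SAMPLE = (tlv(1, b"\x04\x02\x00\x00\x00\x00\x01") + tlv(2, b"\x051/1")
          + tlv(3, b"\x00\x78") + tlv(127, b"\x00\x80\xc2\x01\x00\x0a")
          + tlv(127, b"\x00\x12\xbb\x01\x00\x0f\x04") + tlv(0, b""))
```

LLDP frames are unauthenticated, so the length and ordering checks are what keep a malformed or hostile neighbor advertisement out of the neighbor database.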
802.1Q
802.1Q is an IEEE standard for sending frames through the network tagged with VLAN identification.
802.1Q tagging is the IEEE version of VLANs. It is a method of segregating areas of a network into
distinct VLANs. By attaching a label, or tag, to a packet, it can be identified as being from a specific area
or identified as being destined for a specific area.
When a port is enabled to accept tagged traffic, by default both 802.1Q tagged and untagged traffic is
automatically accepted on the port. Configuring the port to accept only tagged traffic is also supported.
802.1x Device Classification (Access Guardian)
In addition to the authentication and VLAN classification of 802.1x clients (supplicants), this implementation
of 802.1x secure port access extends this type of functionality to non-802.1x clients (non-supplicants).
To this end, device classification policies are introduced to handle both supplicant and non-supplicant
access to 802.1x ports.
Supplicant policies use 802.1x authentication via a remote RADIUS server and provide alternative methods
for classifying supplicants if the authentication process either fails or does not return a VLAN ID.
Non-supplicant policies use MAC authentication via a remote RADIUS server or can bypass authentication
and only allow strict assignment to specific VLANs. MAC authentication verifies the source MAC address
of a non-supplicant device via a remote RADIUS server. Similar to 802.1x authentication, the switch sends
RADIUS frames to the server with the source MAC address embedded in the username and password
attributes.
The number of possible 802.1X users is 2K per system. This number is a total number of users that applies
to all authenticated clients, such as AVLAN and 802.1X supplicants or non-supplicants. In addition, the use
of all authentication methods and Learned Port Security (LPS) on the same port is supported.
Classification of both supplicant and non-supplicant devices using non-supplicant device classification
policies is supported. As a result, MAC authentication is now applicable to both supplicant and
non-supplicant devices.