User manual ALCATEL-LUCENT OMNISWITCH 9000
DON'T FORGET : ALWAYS READ THE USER GUIDE BEFORE BUYING !!!
If this document matches the user guide, instructions manual or user manual, feature sets, schematics you are looking for, download it now. Diplodocs provides you a fast and easy access to the user manual ALCATEL-LUCENT OMNISWITCH 9000. We hope that this ALCATEL-LUCENT OMNISWITCH 9000 user guide will be useful to you.
You may also download the following manuals related to this product:
ALCATEL-LUCENT OMNISWITCH 9000 HARDWARE USERS GUIDE (11542 ko)
ALCATEL-LUCENT OMNISWITCH 9000 GETTING STARTED GUIDE (2197 ko)
Manual abstract: user guide ALCATEL-LUCENT OMNISWITCH 9000
Detailed instructions for use are in the User's Guide.
[. . . ] from any and all legal actions that might be taken against it with respect to infringement of copyright on behalf of Cisco Systems or Nortel Networks.
ii
Part 031650-00
May 2005
Contents
Preface
Document Organization Related Documents . . . . . .
11 12 12 14 22
Managing Software Feature Licenses Alcatel Software Licenses . . . .
Contents
iii
OmniAccess RN: User Guide
Additional Software License Information Permanent Licenses . .
. 9 . 9 . 9 . 9
11 12 14 14
Configuring a Port to Be an Access Port . [. . . ] Captive Portal customization will talk about customizing the captive portal page.
Configuring Captive Portals for Guest Logon
Configuring captive portal for guest logon does not require an authentication server. The user will be re-directed to a logon page, where the user will need to enter the credentials (an email ID in this case). The user is then granted a default role with limited access to browse the internet. Navigate to the Configuration > Security > Authentication Methods > Captive Portal Authentication page.
Configuring the Captive Portal
99
OmniAccess RN: User Guide
2 3
Configure the role that the guest logon users will take. (See "Configuring Firewall Roles and Policies" for information on configuring a role). HTTP: If the protocol selected is http, ensure that the following rules are included in the captiveportal policy:
100
Part 031650-00
May 2005
Chapter 10
user alias mswitch svc-http permit user any svc-http dst-nat 8080 user any svc-https dst-nat 8081
HTTPs: If the protocol is https, ensure that the captiveportal policy has the following rules:
user alias mswitch svc-https permit user any svc-http dst-nat 8080 user any svc-https dst-nat 8081
4
In the default user role of un-authenticated users (logon role by default), ensure that the captiveportal policy has been added. The user traffic needs to hit the rules in this policy for captive portal to work.
Configuring the Captive Portal
101
OmniAccess RN: User Guide
5
Configure the captive portal parameters.
Parameter Default role
Description The role assigned to the guest user on logon. Default: guest
Enable Guest Logon
This field need to be checked to enable guest logon as explained above. Default: Unchecked
Enable User Logon
This field needs to be checked to enable user logon authentication using an authentication server. In case of guest logon this field needs to be unchecked if captive portal is used for guest logon only. Default: Checked
Enable Logout Popup Window
When this is enabled, a pop up window will appear with the Logout link for the user to logout after the user logs in. http / https If http is selected, the captive portal policy will have to be modified to allow http traffic. Default: https
Redirect Pause Timeout
This is the time (in seconds) that the system remains in the initial welcome page before re-directing the user to the final web URL. Default: 10s
Configuring the Captive Portal
107
OmniAccess RN: User Guide
Welcome Page Location
The welcome page is the page that appears soon after logon and before re-direction to the web URL. Default: /auth/welcome. html
Logon wait Interval
Time range in seconds, the user will have to wait for the logon page to pop up in case the CPU load is high. Default: 5 10s
CPU Utilization Threshold
The CPU utilization percentage above which the Logon wait interval gets applied while presenting the user with the logon page. Default value: 60 %
6
From the pull-down menu select the desired role the user will be placed in after logon. Note that this role would be applied only if there are no other derivation rules that supersede it. Ensure that the Enable User Logon checkbox is selected Set the protocol type http or https as per the requirement. Set the welcome page location to the required URL.
7 8 9
Configuring the AAA Server for Captive Portal
To configure the AAA server that captive portal will use for authentication: 1. Click Add under the Authentication Servers heading.
108
Part 031650-00
May 2005
Chapter 10
2 3 4 5
Under Choose an Authentication Server is a pull down menu. From this menu select the authentication server that will be the primary server. [. . . ] In this case however it is used during the transitional phase before converting all system to WPA-TKIP with PEAP authentication.
254
Part 031650-00
May 2005
Chapter 19
Topology Diagram
Local 1
Local 2
Local 3
Topology Description
Redundancy
This topology uses the N+1 redundancy. The master is not redundant which means that if the master goes down, the network will be affected as there is no redundant master to take its place. However if a local switch goes down, the master will take over the operations of the local switch till the local switch recovers.
Topology Example Four
255
OmniAccess RN: User Guide
During failover, the operation state of the client is not maintained and the client will have to re-authenticate to gain access.
VRRP instance VLAN 101 Switches involved VRRP address VRRP instance on local_101 VRRP instance on master VRRP instance VLAN 102 Switches involved VRRP address VRRP instance on local_102 VRRP instance on master VRRP instance VLAN 103 Switches involved VRRP address VRRP instance on local_103 VRRP instance on master Master and Local_101 10. 1. 101. 12 Priority = 150 Pre-empt = enable Priority = 100 Pre-empt = disable Master and Local_102 10. 1. 102. 12 Priority = 150 Pre-empt = enable Priority = 100 Pre-empt = disable Master and Local_101 10. 1. 103. 2 Priority = 150 Pre-empt = enable Priority = 100 Pre-empt = disable
Requirements on the Master Switch
The master switch should have an interface on each of the vlans the local switches belong to. The master switch also has a separate VRRP instance for each of the local switches corresponding to the local switch's VLAN and subnet. [. . . ]
DISCLAIMER TO DOWNLOAD THE USER GUIDE ALCATEL-LUCENT OMNISWITCH 9000
Click on "Download the user Manual" at the end of this Contract if you accept its terms, the downloading of the manual ALCATEL-LUCENT OMNISWITCH 9000 will begin.