Authenticated vlans, Pr 98369, Policy server management – Alcatel-Lucent 6850 User Manual
Page 77
Open Problem Reports and Feature Exceptions
OmniSwitch 6800/6850/9000—Release 6.1.3.R01
page 77
Authenticated VLANs
Problem Reports
PR 87642
On an OS6800, the CLI command to specifically disable 802.1x or AVLAN authentication on a port will
disable either of the authentication options configured on the port.
Workaround: There is no known workaround at this time.
PR 98369
DHCP is not supported with port-binding AVLANs on OS6800/OS6850. When DHCP packets are used to
trigger the port binding rules, none of the rules work.
Workaround: There is no known workaround at this time.
PR 106976
When DHCP Snooping's IP Source Filtering is enabled on the Authenticated VLAN port of an OS6850,
the authentication (via Telnet or HTTP) will fail.
Workaround: Cannot enable IP Source Filtering on AVLAN ports, since IP Source Filtering (work as
expected) is blocking the IP traffic.
Policy Server Management
Problem Reports
PR 103324
An OS6850 will not change the IP address automatically even if the supplicant client is running that can
automatically do the ipconfigure release and renew when dynamically changing classification policy when
an IP net rule is configured. Depending on what traffic is running, some packets may satisfy the IP net
rule and the supplicant will be classified according to the IP net rule.
Workaround: User has to be aware that when the IP net rule is configured and when dynamically chang-
ing the classification policy that as group mobility as one of the classification option, traffic from suppli-
cant may still have the old IP address on the vlan that the supplicant was classified before the policy is
changed. The IP net rule will cause the client to be learned on the vlan that it was previously learned on.
E.g. supplicant is learned on vlan x and has an IP address with vlan x's subnet. There is also an IP net rule
for vlan x's IP to be classified on vlan x. When user dynamically changes the classification policy, the
supplicant may still be learned on vlan x because the PC has traffic coming out with VLAN x's subnet and
thus device classification task will classify the supplicant on VLAN x again.