beautypg.com

Roaming authentication feature interactions – Allied Telesis AlliedWare Plus Operating System Version 5.4.4C (x310-26FT,x310-26FP,x310-50FT,x310-50FP) User Manual

Page 1121

background image

Authentication Introduction and Configuration

Software Reference for x310 Series Switches

C613-50046-01 REV A

AlliedWare Plus

TM

Operating System - Version 5.4.4C

42.25

Roaming Authentication Feature Interactions

When the Roaming Authentication feature is disabled, a supplicant must be re-
authenticated on the destination interface when it roams. When the Roaming
Authentication is enabled, the following supplicant authentication status and information
is inherited from the source interface:

Authentication status

Authentication method

Supplicant MAC address

Supplicant IP address
(if an authenticated interface is configured for Web authentication)

Supplicant name

Authorized dynamic VLAN ID

Authorized RADIUS server

Reauthentication timer
(if configured using the

auth timeout reauth-period command on page 43.23

)

Roaming Authentication is only supported between interfaces with the same
authentication configuration. If source and destination interfaces have different
authentication configuration then the supplicant will be re-authenticated at the
destination interface.

When the host mode is set with the

auth host-mode command on page 43.10

, a

supplicant is not authenticated on a destination interface, and the authentication status is
deleted on the source interface.

When a supplicant moves from an interface with authentication configured to an interface
without authentication configured, the supplicant’s authentication status is deleted.

A supplicant is re-authenticated when it moves to a destination interface that is
configured on a different VLAN than the VLAN that is configured for the source interface.

See the following Roaming Authentication feature interactions:

Multiple Dynamic VLANs are supported when configured with the

auth dynamic-

vlan-creation command on page 43.6

using the multi parameter. Multiple Dynamic

VLANs are disabled by default.

Supplicants are re-authenticated on the destination interface if the VLAN ID changes
when Single Dynamic VLANs are configured with the

auth dynamic-vlan-creation

command on page 43.6

the using the single parameter. Single Dynamic VLANs are

disabled by default.

The Roaming Authentication feature is supported on Guest VLANs configured by the

auth guest-vlan command on page 43.8

.

When the Roaming Authentication feature is configured for use on a stack with the
VCStack feature, note that supplicants are initialized and re-authenticated if a VCStack
failover occurs.

See also other documents in the category Allied Telesis Computer hardware: