Switch User Manual

ManualsBrandsEnterasys Networks ManualsSwitchSECURESTACK 9034313-07

781

782

783

784

785

786

787

788

789

790

Configuring Multiple Authentication Methods

SecureStack C3 Configuration Guide 26-37

Configuring Multiple Authentication Methods

About Multiple Authentication Types

Whenenabled,multipleauthenticationtypesallowsausertoauthenticateusingmorethanone

methodonthesameport.Inorderformultipleauthenticationtofunctiononthedevice,each

possiblemethodofauthentication(MACauthentication, 802.1X,PWA)mustbeenabledglobally

andconfiguredappropriatelyonthedesiredportswithits

correspondingcommandsetdescribed

inthischapter.Theprecedenceconfiguredfortheauthenticationmethodsdetermineswhich

authenticationmethodisactuallyappliedtotheuser,device,orport.

Multipleauthenti cationmodemustbegloballyenabledonthedeviceusingthesetmultiauth

modecommand.Authenticationprecedencecanbeconfiguredwiththe

setmultiauthprecedence

command.

About Multi-User Authentication

Multi‐userauthenticationreferstotheabilitytoauthenticatemorethanoneuserordeviceonthe

sameport,witheachuserordevicebeingprovidedtheappropriatelevelofnetworkresources

basedonpolicy.

Whenasinglesupplicantconnectedtoanaccess layerportauthenticates,apolicyprofilecanbe

dynamicallyappliedtoalltrafficontheport.Whenmulti‐userauthenticationisnotimplemented,

andmorethanonesupplicantisconnectedtoaport,thefirmwaredoesnotprovisionnetwork

resourcesonaper‐userorper‐devicebasis,eventhoughdifferentusersordevicesmayrequirea

differentset

ofnetworkresources.

Inordertosupportprovisioningnetworkresourcesonaper‐userbasis,byapplyingthepolicy

configuredintheRADIUSfilter‐ID orRFC3580tunnelattributesforagivenuserordevice,the

switchmustbethepointofauthenticationfortheattacheddevices.TheRADIUS

filter‐IDand

tunnelattributesarepartoftheRADIUSuseraccountandareincludedintheRADIUSaccess‐

acceptmessageresponsereceivedbytheswitchfromtheauthenticationserver.

Themaximumnumberofmultipleuserssupportedperportdependsonyourplatform.Referto

Appendix A,PolicyandAuthenticationCapacitiesfor

adescriptionofthemulti‐usercapacities

forthisdevice.Bydefault,thenumberofallowedusersperportissetto1.Toconfigurethe

numberofallowedusersperport,usethesetmultiauthportnumuserscommand.Usetheshow

multiauthportcommandtodisplaythecurrentvalues

of“Maxusers”and “A l l o w e d users”per

port.

Commands

For information about... Refer to page...

show multiauth 26-38

set multiauth mode 26-39

clear multiauth mode 26-39

set multiauth precedence 26-40

clear multiauth precedence 26-40

show multiauth port 26-41

set multiauth port 26-41