Switch User Manual

ManualsBrandsEnterasys Networks ManualsSwitchSECURESTACK 9034313-07

791

792

793

794

795

796

797

798

799

800

clear multiauth session-timeout

26-48 Authentication and Authorization Configuration

clear multiauth session-timeout

Usethiscommandtoresetthemaximumnumberofconsecutivesecondsanauthenticatedsession

maylastbeforeterminationofthesessiontoitsdefaultvalueof0.

Syntax

clear multiauth session-timeout [dot1x | mac | pwa]

Parameters

Defaults

Ifnoauthenticationmethodisspecified,thesessiontimeoutvalueisresettoitsdefaultvalueof0

forallauthenticationmethods.

Mode

Switchmode,read‐write.

Example

ThisexampleresetsthesessiontimeoutvaluefortheIEEE802.1Xauthenticati onmethodto0

seconds.

C3(su)->clear multiauth session-timeout dot1x

Configuring User + IP Phone Authentication

User+IPphoneauthenticationisalegacyfeaturethatallowsauserandtheirIPphonetobothuse

asingleportonthe

switch buttohaveseparatepolicyroles.Theuser’sPCandtheirIPphoneare

daisy‐chainedtogetherwithasingleconnectiontothenetwork.

Thisspecialapplicationofmulti‐userauthenticationwasinheritedfromlegacyplatforms(suchas

theB2andC2)thatcouldnotnativelysupportmultipleusersperport.

TheSecureStackC3can

supportmultipleusersperportsotheUser+IPphoneapplicationshouldonlybeusedifyouare

integratingSecureStackC3sintoalegacydeployment.

WithʺUser+IPPhoneʺauthentication,thepolicyrolefortheIPphoneisstaticallymappedusing

apolicyadminrule

whichassignsanypacketsreceivedwithaVLANtagsettoaspecificVID(for

example,VoiceVLAN)toanspecifiedpolicyrole(forexample,IPPhonepolicyrole).Therefore,it

isrequiredthattheIPphonebeconfiguredtosendVLAN‐taggedpacketstaggedforthe“Voice”

VLAN.Referto

theUsagesectionforthecommand“setpolicyrule”onpage 11‐10foradditional

informationaboutconfiguringapolicyadminrulethatmapsaVLANtagtoapolicyrole.

NotethatiftheIPphoneauthenticatestothe network,theRADIUSacceptmessagemustreturn

nullvaluesforRFC

3580tunnelattributesand theFilter‐ID.

dot1x (Optional)SpecifiestheIEEE802.1Xport‐basednetworkaccesscontrol

authenticationmethodforwhichtoresetthetimeoutvaluetoits

default.

mac (Optional)SpecifiestheEnterasysMACauthenticationmethodfor

whichtoresetthetimeoutvaluetoitsdefault.

pwa (Optional)SpecifiestheEnterasys

PortWebAuthenticationmethodfor

whichtoresetthetimeoutvaluetoitsdefault.