Specifications

ManualsBrandsEnterasys ManualsComputer equipment802.1Q

Authentication Overview

April 15, 2011 Page 6 of 36

Figure 1 Applying Policy to Multiple Users on a Single Port

MultiAuth Authentication

Authenticationmodesupportprovidesforthe globalsettingofasingleauthenticationmode

802.1X(strict‐mode)ormultiplemodes(MultiAuth)peruserorportwhenauthenticating.

Strictmodeistheappropriatemodewhenauthenticatingasingle802.1Xuser.Alltrafficonthe

portreceivesthesamepolicyinstrictmode.When

authenticatingPWA,CEP,orMAC,youmust

useMultiAuthauthentication,whetherauthenticatingasingleormultiplesupplicants.

MultiAuthauthenticationsupportsthesimultaneousconfigurationofuptothreeauthentication

methodsperuseronthesameport,butonlyonemethodperuserisactuallyapplied.When

MultiAuthauthenticationportshaveacombination

ofauthenticationmethodsenabled,andauser

issuccessfullyauthenticatedformorethanonemethodatthesametime,theconfigured

authenticationmethodprecedencewilldeterminewhichRADIUS‐returnedFilter‐IDwillbe

processedandresultinanappliedtrafficpolicyprofile.See“SettingMultiAuthAuthentication

Precedence”onpage 21

forauthenticationmethodprecedencedetails.

ThenumberofusersordevicesMultiAuthauthenticationsupportsdependsuponthetypeof

device,whethertheportsarefixedaccessoruplink,andwhetherincreasedportcapacityorextra

chassisusercapacityMUAlicenseshavebeenapplied.Seethefirmwarecustomerreleasenote

thatcomes

withyourdevicefordetailsonthenumberofusersordevicessupportedperport.

InFigure 2,multipleusersareauthenticatedonasingleporteachwithadifferentauthentication

method.Inthiscase,eachuseronasingleportsuccessfullyauthenticateswithadifferent

authenticationtype.Theauthenticationmethodis

includedintheauthenticationcredentialssent

totheRADIUSserver.RADIUSlooksuptheuseraccountforthatuserbasedupontheSMAC.The

Filter‐IDforthatuserisreturnedtotheswitchintheauthenticationresponse,andthe

authenticationisvalidatedforthatuser.

User 1

SMAC

00-00-00-11-11-11

User 2

SMAC

00-00-00-22-22-22

User 3

SMAC

00-00-00-33-33-33

Authentication

Request

Authentication

Credentials User 2

User1 Filter ID --> Policy X

User2 Filter ID --> Policy Y

User3 Filter ID --> Policy Z

Authentication

Credentials User 1

Authentication

Credentials User 3

Dynamic Admin Rule

for Policy 1

SMAC = 00-00-00-11-11-11

ge.1.5

Dynamic Admin Rule

for Policy 2

SMAC = 00-00-00-22-22-22

ge.1.5

Dynamic Admin Rule

for Policy 3

SMAC = 00-00-00-33-33-33

ge.1.5

Authentication

Response

Authentication

Request

Authentication

Response

Authentication

Request

Switch

Authentication

Response

Radius Server

Port ge.1.5