Specifications

ManualsBrandsEnterasys ManualsNetworkingEnterasys SecureStack B2 B2G124-24

551

552

553

554

555

556

557

558

559

560

Configuring Multiple Authentication Methods

SecureStack B2 Configuration Guide 19-33

Configuring Multiple Authentication Methods

About Multiple Authentication Types

Whenenabled,multipleauthenticationtypesallowuserstoauthenticateusingmorethanone

methodonthesameport.Inorderformultipleauthenticationtofunctiononthedevice,each

possiblemethodofauthentication(MACauthentication, 802.1X,PWA)mustbeenabledglobally

andconfiguredappropriatelyonthedesiredportswithitscorresponding

commandsetdescribed

inthischapter.

Multipleauthenti cationmodemustbegloballyenabledonthedeviceusingthesetmultiauth

modecommand.

Configuring Multi-User Authentication (User + IP phone)

TheUser+IPphonemulti‐userauthenticationfeatureallowsauserandtheirIP phonetobothuse

asingleportontheB2buttohaveseparatepolicyroles.

ʺUser+IPPhoneʺAuthenticationontheSecureStackB2isimplementedbyassigninganingressed

packetreceivedonaport

toapolicyrolebasedontheVLANthepacketwasassignedto,andnot

thepacketʹssourceMACaddress.Therefore,onaportconfiguredforUser+IPPhone

Authentication,thereexiststwodifferentVLAN‐to‐policyrolemappings.

ThepolicyrolefortheIP phoneisstatically

mappedusingtheVLAN‐to‐policymappingfea ture

whichassignsanypacketsreceivedwithaVLANtagsettoaspecificVID(forexample,Voice

VLAN)toanindicatedpolicyrole(forexample,IPPhonepolicyrole).Therefore,itisrequiredthat

IPphoneisconfiguredtosendVLANtaggedpackets

tothe“Voice”VLAN.RefertotheUsage

sectionforthecommand“setpolicyrule”onpage 12‐10foradditionalinformation.

Thesecondpolicyrole,fortheuser,caneitherbestaticallyconfiguredwiththedefaultpolicyrole

ontheportordynamicallyassignedthroughauthenticationtothenetwork.When

thedefault

policyroleisassignedonaport,theVLANsetastheportʹsPVIDismappedtothedefaultpolicy

role.Whenapolicyroleisdynamicallyappliedtoaportastheresultofasuccessfully

authenticatedsession,the“authenticatedVLAN”ismappedtothepolicy

rolesetintheFilter‐ID

returnedfromtheRADIUSserver.The“authenticatedVLAN”mayeitherbethePVIDoftheport,

ifthePVIDOverrideforthepolicyprofileisdisabled,ortheVLANspecifiedinthePVIDOverride

ifthePVIDOverrideisenabled.

Commands

Note: B2 devices support up to three authenticated users per port.

Note: The only Multi-User Authentication supported on the B2 is User + IP phone. The IP phone

and the user may authenticate using 802.1x or MAC authentication.

For information about... Refer to page...

show multiauth 19-34

set multiauth mode 19-35

clear multiauth mode 19-35