Specifications

June 03, 2011 Page 1 of 12

Configuring RADIUS-Snooping

Thischapterprovidesthefollowinginformationaboutconfiguringandmonitoring

RADIUS‐SnoopingonEnterasys

N‐Series,S‐Series

,andK‐Seriesmodularswitches.

What is RADIUS-Snooping?

RADIUS‐Snooping(RS)isoneoftheEnterasys

MultiAuthsuiteofauthenticationmethods.See

theConfiguringAuthenticationFeatureGuideforadetaileddiscussionoftheotherauthentication

methodssupportedbyEnterasysmodularswitches.RSresidesonthedistribution‐tierswitch,

allowingformanagementofanydirectlyconnectededgeswitchthatusestheRADIUSprotocolto

authenticateanetwork

end‐station,butdoesnotsupportthefullcomplementoftheEnterasys



SecureNetworks™capabilities.

TheRADIUSclientedge‐switchinitiatesanauthenticationrequest,bysendingaRADIUSrequest

totheRADIUSserverthatresidesupstreamofthedistribution‐tierswitch.Byinvestigatingthe

RADIUSrequestframes,RScandeterminetheMACaddressoftheend‐userdevicebeing

authenticated.Thenetwork

administratorcreatesauseraccountontheRADIUSserverforthe

end‐userthatincludesanypolicy,dynamicVLANassignment,andotherRADIUSandRS

attributesforthisend‐station.By investigatingtheRADIUSresponsefromtheRADIUSserver,RS

canbuildaMutiAu thsessionasthoughtheend‐userwere

directlyconnectedtothe

distribution‐tierdevice.

SessionsdetectedbyRSfunctionidenticallytolocalauthenticatedsessionsfromtheperspectiveof

theEnterasysMultiAuthframework,withtheexceptionthatRScannotforceareauthentication

event;itcanonlytimeoutthesession.

For information about... Refer to page...

What is RADIUS-Snooping? 1

Why Would I Use RADIUS-Snooping in My Network? 2

How Can I Implement RADIUS-Snooping? 2

RADIUS-Snooping Overview 2

Configuring RADIUS-Snooping 6

RADIUS-Snooping Configuration Example 8

Terms and Definitions 10