Specifications

ManualsBrandsEnterasys ManualsComputer equipmentN Standalone (NSA) Series

281

282

283

284

285

286

287

288

289

290

Terms and Definitions

June 03, 2011 Page 10 of 12

ThiscompletestheRADIUS‐Snoopingconfigurationexample.

Terms and Definitions

Table 4liststermsanddefinitionsusedinthisRADIUS‐Snoopingconfigurationdiscussion.

Table 4 RADIUS-Snooping Configuration Terms and Definitions

Term Definition

Calling-Station ID An attribute field in the RADIUS request and response frames containing the

RADIUS client MAC address.

Distribution-Tier

Switch

The switch that aggregates edge switch traffic heading into the core network or other

distribution devices.

Edge Switch The switch directly connected to the end-user device.

Filter-ID A vendor defined RADIUS attribute that the modular switch authentication

implementation makes use of, allowing the authenticating device to assign policy,

CLI privilege level, and dynamic VLAN assignment to the end-user.

Multi-Authentication

Methods

The ability to authenticate a user for multiple authentication methods such as 802.1x,

MAC, PWA, or CEP, while only applying the authentication method with the highest

authentication precedence.

Multi-User

Authentication

The ability to authenticate multiple users on a port, assigning unique policy to each

user based upon the user account RADIUS server configuration and policy

configuration on the distribution-tier switch.

MutiAuth

Framework

The aspect of Secure Networks functionality that provides authentication capabilities

including, but not limited to, multi-user and multi-method authentication, application

of policy and Dynamic VLAN assignment.

RADIUS Client In a RADIUS-Snooping context the RADIUS client is the non-Secure Networks

capable edge switch that is responsible for authenticating its attached end-user

device or port.

RADIUS-Snooping

flow table

A table containing the RADIUS client and server ID defining valid RS sessions.

RADIUS Request

Frames

Frames sent by the RADIUS client to the RADIUS server requesting end-user

authentication validation.

RADIUS Response

Frames

Frames sent by the RADIUS server to the RADIUS client either validating or rejecting

an authentication validation request. These frames can also contain the Filter-ID

attribute allowing the assignment of policy, CLI privilege, and dynamic VLAN

assignment.

RADIUS-Snooping Provides non-Secure Networks capable edge switches with the full range of Secure

Networks authentication capabilities when the RADIUS server is upstream of the

distribution-tier switch.