
Enterasys b5 User Manual

Enterasys b5
714 pages
Overview of Authentication and Authorization Methods
22-2 Authentication and Authorization Configuration
TACACS+ application. When RADIUS or TACACS+ is enabled, this essentially overrides login
user accounts. When HACA is active per a valid RADIUS or TACACS+ configuration, the user
names and passwords used to access the switch via Telnet, SSH, WebView, and COM ports
will be validated against the configured RADIUS server. Only in the case of a RADIUS
timeout will those credentials be compared against credentials locally configured on the
switch. For details, refer to Configuring RADIUS on page 22-6.
• SNMP user or community names allow access to the Enterasys B5 switch via a network
SNMP management application. To access the switch, you must enter an SNMP user or
community name string. The level of management access is dependent on the associated
access policy. For details, refer to Chapter 8.
• 802.1X Port-Based Network Access Control using EAPOL (Extensible Authentication Protocol)
provides a mechanism via a RADIUS server for administrators to securely authenticate and
grant appropriate access to end-user devices communicating with Enterasys B5 ports. For
details on using CLI commands to configure 802.1X, refer to Configuring 802.1X
Authentication on page 22-15.
• MAC Authentication provides a mechanism for administrators to securely authenticate
source MAC addresses and grant appropriate access to end-user devices communicating with
Enterasys B5 ports. For details, refer to Configuring MAC Authentication on page 22-25.
• Multiple Authentication Methods allows users to authenticate using multiple methods of
authentication on the same port. For details, refer to Configuring Multiple Authentication
Methods on page 22-37.
• Multi-User Authentication — allows multiple users and devices on the same port to
authenticate using any supported authentication method. Each user or device can be mapped
to the same or different roles using Enterasys policy for access control, VLAN authorization,
traffic rate limiting, and quality of service. This is the most flexible and preferred method to
use for VoIP (PC daisy-chained to a phone). For details, refer to About Multi-User
Authentication on page 22-37. Refer to Appendix A, Policy and Authentication Capacities,
for a listing of the number of users per port supported by the Enterasys B5.
• User + IP Phone (Legacy feature): The User + IP Phone authentication feature provides
legacy support for authentication and authorization of two devices, specifically a PC cascaded
with a VLAN-tagging IP phone, on a single port on the switch. The IP phone must
authenticate using MAC or 802.1X authentication, but the user may authenticate by any
method. This feature allows both the user's PC and IP phone to simultaneously authenticate
on a single port and each receive a unique level of network access. For details, refer to
Configuring User + IP Phone Authentication on page 22-48.
• RFC 3580 tunnel attributes provide a mechanism to contain an 802.1X, MAC, or PWA
authenticated user to a VLAN regardless of the PVID. This feature dynamically assigns a
VLAN based on the RFC 3580 tunnel attributes returned in the RADIUS accept message. Refer
to Configuring VLAN Authorization (RFC 3580) on page 22-49.
• Configuring Policy Maptable Response allows you to define how the system should handle
allowing an authenticated user onto a port based on the contents of the RADIUS server
Access-Accept reply. There are three possible response settings: tunnel mode, policy mode, or
Note: To configure EAP pass-through, which allows client authentication packets to be forwarded
through the switch to an upstream device, 802.1X authentication must be globally disabled with the
set dot1x command.
Note: User + IP Phone authentication is a legacy feature that should only be used if you have
already implemented User + IP Phone in your network with switches that do not support true
multi-user authentication.
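
The VLAN assignment described in the RFC 3580 tunnel attributes item above, as an added example that is not taken from the Enterasys manual or firmware: it decodes the three tunnel attributes from the attribute bytes of a RADIUS Access-Accept and returns a VLAN ID only when they form a consistent, in-range set. Function names and the sample bytes are constructed for illustration; the attribute numbers and values are those defined in RFC 2868 and RFC 3580.

```python
TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE, TUNNEL_PRIVATE_GROUP_ID = 64, 65, 81  # RFC 2868
TT_VLAN, TMT_IEEE_802 = 13, 6   # values RFC 3580 requires for VLAN assignment

def iter_attributes(buf):
    """Yield (type, value) pairs from the attribute bytes that follow the 20-octet RADIUS header."""
    i = 0
    while i < len(buf):
        if i + 2 > len(buf) or buf[i + 1] < 2 or i + buf[i + 1] > len(buf):
            raise ValueError("malformed attribute")
        atype, alen = buf[i], buf[i + 1]
        yield atype, buf[i + 2:i + alen]
        i += alen

def tagged_int(value):
    """RFC 2868 tagged integer: one tag octet followed by a 3-octet value."""
    if len(value) != 4:
        raise ValueError("tagged integer must be 4 octets")
    return value[0], int.from_bytes(value[1:], "big")

def tagged_string(value):
    """RFC 2868 tagged string: the first octet is a tag only if it is <= 0x1F."""
    if value and value[0] <= 0x1F:
        return value[0], value[1:]
    return 0, value

def vlan_from_access_accept(attr_bytes):
    """Return the VLAN ID to assign, or None if no tag group is a valid RFC 3580 set."""
    found = {}
    for atype, value in iter_attributes(attr_bytes):
        if atype in (TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE):
            tag, v = tagged_int(value)
        elif atype == TUNNEL_PRIVATE_GROUP_ID:
            tag, v = tagged_string(value)
        else:
            continue                      # unrelated attribute, ignore
        found.setdefault(tag, {})[atype] = v
    for attrs in found.values():
        if attrs.get(TUNNEL_TYPE) != TT_VLAN or attrs.get(TUNNEL_MEDIUM_TYPE) != TMT_IEEE_802:
            continue                      # incomplete or non-VLAN tunnel set
        gid = attrs.get(TUNNEL_PRIVATE_GROUP_ID, b"")
        if gid.isdigit() and 1 <= int(gid) <= 4094:
            return int(gid)
    return None

def attr(atype, value):
    """Build one attribute TLV (helper for the constructed samples)."""
    return bytes([atype, len(value) + 2]) + value

# Constructed sample: Tunnel-Type=VLAN, Tunnel-Medium-Type=802, Tunnel-Private-Group-ID="120"
SAMPLE = attr(64, b"\x00\x00\x00\x0d") + attr(65, b"\x00\x00\x00\x06") + attr(81, b"120")
```

A `None` result corresponds to the case where no VLAN can be derived from the reply; what the switch does in that case is governed by its own configuration, which this sketch does not model.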
