Name: Enterasys b5
Brand: Enterasys
Rating: 4 (1 reviews)

To Next Page

To Previous Page

Overview of Authentication and Authorization Methods

Enterasys B5 CLI Reference 22-3

bothtunnelandpolicy,alsoknownashybridauthenticationmode.Referto“Configuring

PolicyMaptableResponse”onpage 22 ‐52.

•MACLocking–locksaporttooneormoreMACaddresses,preventingtheuseof

unauthorizeddevicesandMACspoofingontheportFordetails,referto“ConfiguringMAC

Locking

”onpage 22‐57.

•PortWebAuthentication(PWA)–passesalllogininform ationfromtheendstationtoa

RADIUSserverforauthenticationbeforeallowingausertoaccessthenetwork.PWAisan

alternativeto802.1XandMACauthentication.Fordetails,referto“ConfiguringPortWeb

Authentication(PWA)”

onpage 22‐68.

•SecureShell(SSH)–providessecureTelnet.Fordetails,referto“ConfiguringSecureShell

(SSH)”onpage 22‐80.

•IPAccessLists(ACLs)–permitsordeniesaccesstoroutinginterfacesbasedonprotocoland

inboundand/oroutboundIPaddressrestrictionsconfiguredinaccesslists.Fordetails,referto



“ConfiguringAccessLists”onpage 22‐82.

• TACACS+(TerminalAccessControllerAccess‐ControlSystemPlus)

– asecurityprotocol

developedbyCiscoSystemsthatcanbeusedasanalternativetothestandardRADIUS

securityprotocol(RFC2865).TACACS+runsoverTCPandencryptsthebodyofeachpacket.

RefertoChapter 23,TACACS+Configuration,forinformationaboutthecommandsusedto

configureTACACS+.

RADIUS Filter-ID Attribute and Dynamic Policy Profile Assignment

IfyouconfigureanauthenticationmethodthatrequirescommunicationwithaRADIUSserver,

youcanusetheRADIUSFilter‐IDattributetodynamicallyassignapolicyprofileand/or

managementleveltoauthenticatingusersand/ordevices.

TheRADIUSFilter‐IDattributeissimplyastringthatisformattedintheRADIUSAccess‐

Accept

packetsentbackfromtheRADIUSservertotheswitchduringtheauthenticationprocess.

EachusercanbeconfiguredintheRADIUSserverdatabasewithaRADIUS Filter‐IDattribute

thatspecifiesthenameofthepolicyprofileand/ormanagementleveltheusershouldbeassigned

uponsuccessfulauthentication.During

theauthenticationprocess,whentheRADIUSserver

returnsaRADIUSAccess‐AcceptmessagethatincludesaFilter‐IDmatchingapolicyprofilename

configuredontheswitch,theswitchthendynamicallyappliesthepolicyprofiletothephysical

porttheuser/deviceisauthenticatingon.

Filter-ID Attribute Formats

Enterasys NetworkssupportstwoFilter‐IDformats—“decorated”and“undecorated.”The

decoratedformathasthreeforms:

•Tospecifythepolicyprofiletoassigntotheauthenticatinguser(networkaccess

authentication):

Enterasys:version=1:policy=string

wherestringspecifiesthepolicyprofilename.Policyprofilenamesarecase‐sensitive.

•Tospecifyamanagementlevel(managementaccessauthentication):

Enterasys:version=1:mgmt=level

where

levelindicatesthemanagementlevel,eitherro,rw,orsu.

•Tospecifybothmanagementlevelandpolicyprofile:

Enterasys:version=1:mgmt=level:policy=string

Brand	Enterasys
Model	b5
Category	Other
Language	English

Enterasys b5 User Manual

Table of Contents

Questions and Answers:

Enterasys b5 Specifications