Enterasys b5

To Next Page

To Previous Page

Configuring Multiple Authentication Methods

Enterasys B5 CLI Reference 22-37

Configuring Multiple Authentication Methods

About Multiple Authentication Types

Whenenabled,multipleauthenticationtypesallowsausertoauthenticateusingmorethanone

methodonthesameport.Inorderformultipleauthenticationtofunctiononthedevice,each

possiblemethodofauthentication(MACauthentication, 802.1X,PWA)must beenabledglobally

andconfiguredappropriatelyonthedesiredportswithits

correspondingcommandsetdescribed

inthischapter.Theprecedenceconfiguredfortheauthenticationmethodsdetermineswhich

authenticationmethodisactuallyappliedtotheuser,device,orport.

Multipleauthenti cationmodemustbegloballyenabledonthedeviceusingthesetmultiauth

modecommand.Authenticationprecedencecanbeconfiguredwiththe

setmultiauthprecedence

command.

About Multi-User Authentication

Multi‐userauthenticationreferstotheabilitytoauthenticate morethanoneuserordeviceonthe

sameport,witheachuserordevicebeingprovidedtheappropriatelevelofnetworkresources

basedonpolicy.

Whenasinglesupplicantconnectedtoanaccess layerportauthenticates,apolicyprofilecanbe

dynamicallyappliedtoalltrafficontheport.Whenmulti‐userauthenticationisnotimplemented,

andmorethanonesupplicantisconnectedtoaport,thefirmwaredoesnotprovisionnetwork

resourcesonaper‐userorper‐devicebasis,eventhoughdifferentusersordevicesmayrequirea

differentset

ofnetworkresources.

Inordertosupportprovisioningnetworkresourcesonaper‐userbasis,byapplyingthepolicy

configuredintheRADIUSfilter‐IDorRFC3580tunnelat tributesforagivenuserordevice,the

switchmustbethepointofauthenticationfortheattacheddevi ces.TheRADIUS

filter‐IDand

tunnelattributesarepartoftheRADIUSuseraccountandareincludedintheRADIUSaccess‐

acceptmessageresponsereceivedbytheswitchfromtheauthenticationserver.

Themaximumnumberofmultipleuserssupportedperportdependsonyourplatform.Referto

Appendix A,PolicyandAuthenticationCapacitiesfor

adescriptionofthemulti‐usercapacities

foryourdevice.Bydefault,thenumberofallowedusersperportissetto1.Toconfigurethe

numberofallowedusersperport,usethesetmultiauthportnumuserscommand.Usetheshow

multiauthportcommandtodisplaythecurrentvalues

of“Maxusers”and“A l l o w e d users”per

port.

Commands

For information about... Refer to page...

show multiauth 22-38

set multiauth mode 22-39

clear multiauth mode 22-39

set multiauth precedence 22-40

clear multiauth precedence 22-40

show multiauth port 22-41

set multiauth port 22-41

Main Page

Table of Contents