User Authentication Overview
10-6 Configuring User Authentication
credentials sent to the RADIUS server. RADIUS looks up the user account for that user based
upon the SMAC. The Filter-ID for that user is returned to the switch in the authentication
response, and the authentication is validated for that user.
Figure 10-2 Authenticating Multiple Users With Different Methods on a Single Port
In Figure 10-3, full MultiAuth authentication takes place in that multiple users on a single port are
validated for more than one authentication method. The applied authentication and policy are
based upon the authentication method precedence level. On the far right column of the figure, the
authentication methods are listed from top to bottom in order of precedence (the default order is
displayed). User 1 is authenticating with both the 802.1x and PWA methods, with the Credit
policy. Both the 802.1x and PWA authentication methods are validated, but only the 802.1x
MultiAuth session is applied, because that has the highest precedence. User 2 is authenticating
with both PWA and MAC methods, with the Sales policy. PWA, having a higher precedence than
MAC, is the MultiAuth session applied for User 2. User 3 is a guest and is authenticating with the
MAC method only. The MAC MultiAuth session, with the Guest policy is applied for User 3.
User 1
SMAC
00-00-00-11-11-11
User 2
SMAC
00-00-00-22-22-22
User 3
SMAC
00-00-00-33-33-33
Authentication
Method
802.1x
User1 Filter ID --> Policy Y
User2 Filter ID --> Policy X
User3 Filter ID --> Policy Z
User 1: 802.1X
Authentication
Credentials
User 2: PWA
Authentication
Credentials
User 3: MAC
Authentication
Credentials
Authentication
Method
MAC
Authentication
Method
PWA
Switch
Radius Server
Port
802.1X
PWA
MAC
CEP
MAU LogicMAU Logic
To Next Page
Loading...
Need help?
General