Configuring Authentication
10-22 Configuring User Authentication
• Server identification provides for the configuration of the server IP address and index value.
The index determines the order in which the switch will attempt to establish a session with an
authentication server. After setting the index and IP address you are prompted to enter a
secret value for this authentication server. Any authentication requests to this authentication
server must present the correct secret value to gain authentication.
•The realm provides for configuration scope for this server: management access, network
access, or both.
Firmware supports the configuration of multiple authentication servers. The lowest index value
associated with the server determines the primary server. If the primary server is down, the
operational server with the next lowest index value is used. If the switch fails to establish contact
with the authentication server before a configured timeout, the switch will retry for the configured
number of times.
Servers can be restricted to management access or network access authentication by configuring
the realm option.
Procedure 10-10 describes authentication server configuration.
Configuring User + IP Phone Authentication
User + IP phone authentication is a special application of multi-user authentication that allows a
user and their IP phone to both use a single port on the switch but to have separate policy roles.
The user’s PC and their IP phone are daisy-chained together with a single connection to the
network. The IP phone may authenticate using 802.1x or MAC authentication, while the user can
use any supported authentication method.
This feature is the only version of multi-user authentication that is supported on the A4. It is not
recommended to be used on the other fixed stackable and standalone platforms that can support
multiple users per port unless you are integrating the switch into a legacy deployment.
Procedure 10-10 Authentication Server Configuration
Step Task Command(s)
1. Configure the index value, IP address, and
secret value for this authentication server.
set radius server index ip-address
[secret-value]
2. Optionally set the number of seconds the switch
will wait before retrying authentication server
establishment.
set radius timeout timeout
3. Optionally set the number of retries that will
occur before the switch declares an
authentication server down.
set radius retries retries
4. Optionally set the authentication server
configuration scope to management access,
network access, or both for all or the specified
authentication server.
set radius realm {management-access |
network-access | any} {as-index | all}
5. Globally enable or disable RADIUS on the
switch.
set radius {enable | disable}
6. Reset the specified RADIUS setting to its default
value.
clear radius { [retries] [timeout] [server
[index | all] [realm {index | all}]
7. Display the current RADIUS authentication
server settings.
show radius [retries | authtype | timeout |
server [index | all]]
To Next Page
Loading...
Need help?
General