Authentication Configuration Example
Fixed Switch Configuration Guide 10-27
In an 802.1x configuration, policy is specified in the RADIUS account configuration on the
authentication server using the RADIUS Filter-ID. See “The RADIUS Filter-ID” on page 8 for
RADIUS Filter-ID information. If a RADIUS Filter-ID exists for the user account, the RADIUS
protocol returns it in the RADIUS Accept message and the firmware applies the policy to the user.
The following CLI input:
• Enables EAP on the stackable fixed switch
System(rw)->set eapol enable
• Enables 802.1x on the switch
• Sets port-control to forced-auth for all connections between switches and routers, because
they do not use authentication and would be blocked if not set to forced-auth.
System(rw)->set dot1x enable
System(rw)->set dot1x auth-config authcontrolled-portcontrol forced-auth ge.1.5
System(rw)->set dot1x auth-config authcontrolled-portcontrol forced-auth ge.1.19
System(rw)->set dot1x auth-config authcontrolled-portcontrol forced-auth ge.2.24
This completes the 802.1x end-user stations configuration.
Configuring the Printer Cluster for MAC-Based Authentication
Perform the following tasks to configure MAC-based authentication for the printer cluster in our
example:
• Set up an account for each printer on the authentication server that contains the printer MAC
address, the MAC authentication password configured on the switch, and a RADIUS Filter-ID
entry specifying the printer policy.
• Configure a policy using NetSight Policy Manager specifying the printer cluster VLAN and
optionally configuring a CoS and rate limit.
• Enable MAC authentication globally on the switch.
• Enter the MAC authentication password as enterasys on the switch.
• Set the MAC authentication significant-bits to 24.
• Enable MAC authentication on the ports used by the printer cluster: ge.1.3-4
With the authentication server configured with a RADIUS account for each printer, and the printer
policy pre-configured, enter the following CLI input:
System(rw)->set macauthentication enable
System(rw)->set macauthentication password enterasys
System(rw)->set macauthentication significant-bits 24
System(rw)->set macauthentication port enable ge.1.3-4
This completes the printer cluster MAC authentication configuration.
Note: Globally enabling 802.1x on a switch sets the port-control type to auto for all ports. Be sure to
set port-control to forced-auth on all ports that will not be authenticating using 802.1x and for which
no other authentication method is configured. Otherwise, these ports will fail authentication and traffic
will be blocked.
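One way to check a configuration against the note above, as an added example that is not part of the guide: the script parses `set dot1x` and `set macauthentication` lines like those in this section and lists the ports that would stay at port-control auto with no authentication method planned for them. The port inventory, the list of 802.1x end-user ports and all function names are assumptions made for illustration.

```python
import re
# Constructed sample: CLI input from this section, prompts included.
CONFIG = """\
System(rw)->set dot1x enable
System(rw)->set dot1x auth-config authcontrolled-portcontrol forced-auth ge.1.5
System(rw)->set dot1x auth-config authcontrolled-portcontrol forced-auth ge.1.19
System(rw)->set dot1x auth-config authcontrolled-portcontrol forced-auth ge.2.24
System(rw)->set macauthentication enable
System(rw)->set macauthentication port enable ge.1.3-4
"""
# Assumptions (not from the guide): port inventory and 802.1x end-user ports.
ALL_PORTS = [f"ge.1.{n}" for n in range(1, 7)] + ["ge.1.19", "ge.2.24"]
DOT1X_USER_PORTS = ["ge.1.1", "ge.1.2"]
# Handles only the two port-string forms used in this section: ge.1.5, ge.1.3-4.
PORT_RE = re.compile(r"^(\w+\.\d+)\.(\d+)(?:-(\d+))?$")
FORCED = ["set", "dot1x", "auth-config", "authcontrolled-portcontrol", "forced-auth"]

def expand_ports(spec):
    m = PORT_RE.match(spec)
    if not m:
        raise ValueError(f"unsupported port string: {spec!r}")
    first, last = int(m.group(2)), int(m.group(3) or m.group(2))
    return {f"{m.group(1)}.{n}" for n in range(first, last + 1)}

def parse(config):
    s = {"dot1x": False, "macauth": False, "forced": set(), "mac_ports": set()}
    for line in config.splitlines():
        cmd = line.split("->", 1)[-1].split()  # drop the System(rw)-> prompt
        if cmd == ["set", "dot1x", "enable"]:
            s["dot1x"] = True
        elif cmd == ["set", "macauthentication", "enable"]:
            s["macauth"] = True
        elif cmd[:5] == FORCED and len(cmd) == 6:
            s["forced"] |= expand_ports(cmd[5])
        elif cmd[:4] == ["set", "macauthentication", "port", "enable"] and len(cmd) == 5:
            s["mac_ports"] |= expand_ports(cmd[4])
    return s

def unauthenticated_auto_ports(config, all_ports, dot1x_user_ports):
    """Ports left at port-control auto with no authentication method planned."""
    s = parse(config)
    if not s["dot1x"]:  # port-control only matters once 802.1x is enabled
        return []
    covered = s["forced"] | set(dot1x_user_ports)
    if s["macauth"]:  # MAC auth needs the global and the per-port enable
        covered |= s["mac_ports"]
    return sorted(set(all_ports) - covered)
print(unauthenticated_auto_ports(CONFIG, ALL_PORTS, DOT1X_USER_PORTS))
```

Any port the function returns needs either forced-auth or an authentication method before 802.1x is enabled globally.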