To Next Page

To Previous Page

Overview of Security Methods

17-2 Security Configuration

onusingCLIcommandstoconfigure802.1X,referto“Configuring802.1XAuthentication”on

page 17‐11.

•MACAuthentication–providesamechanismforadministratorstosecurelyauthenticate

sourceMACaddressesandgrantappropriateaccesstoenduserdevicescommunicatingwith

D‐Seriesports.Fordetails,referto“ConfiguringMACAuthentication”

onpage 17‐21.

•MultipleAuthenticationMethods–allowsuserstoauthenticateusingmultiplemethodsof

authenticationonthesameport.Fordetails,referto“ConfiguringMultipleAuthentication

Methods”onpage 17‐33.

•Multi‐UserAuthentication–User+IPPhone.TheUser+IPPhoneauthenticationfeature

supportsauthenticationandauthorizationof

twodevices,specificallyaPCcascadedwithan

IPphone,onasingleportontheD2.TheIPphonemustauthenticateusingMACor802.1X

authentication,buttheusermayauthenticatebyanymethod.Thisfeatureallowsboththe

user’sPCandIPphonetosimultaneouslyauthenticateona

singleportandeachreceivea

uniquelevelofnetworkaccess.Fordetails,referto“ConfiguringMulti‐UserAuthentication

(User+IPphone)”onpage 17‐33.

•RFC3580TunnelAttributesprovideamechanismtocontainan802.1XauthenticatedorMAC

authenticatedusertoaVLANregardlessofthePVID.Refer

to“ConfiguringVLAN

Authorization(RFC3580)”onpage 17‐45.

•MACLocking–locksaporttooneormoreMACaddresses,preventingtheuseof

unauthorizeddevicesandMACspoofingontheportFordetails,referto“ConfiguringMAC

Locking”onpage 17‐51.

•PortWebAuthentication(PWA)–passesall

logininformationfromtheendstation toa

RADIUSserverforauthenticationbeforeallowingausertoaccessthenetwork.PWAisan

alternativeto802.1XandMACauthentication.Fordetails,referto“ConfiguringPortWeb

Authentication(PWA)”onpage 17‐62.

•SecureShell(SSH)–providessecureTelnet.For

details,referto“ConfiguringSecureShell

(SSH)”onpage 17‐74.

RADIUS Filter-ID Attribute and Dynamic Policy Profile Assignment

IfyouconfigureanauthenticationmethodthatrequirescommunicationwithaRADIUSserver,

youcanusetheRADIUSFilter‐IDattributetodynamicallyassignapolicyprofileand/or

managementleveltoauthenticatingusersand/ordevices.

TheRADIUSFilter‐IDattributeissimplyastringthatisformattedintheRADIUSAccess‐

Accept

packetsentbackfromtheRADIUSservertotheswitchduringtheauthenticationprocess.

EachusercanbeconfiguredintheRADIUSserverdatabasewithaRADIUS Filter‐IDattribute

thatspecifiesthenameofthepolicyprofileand/ormanagementleveltheusershouldbeassigned

uponsuccessfulauthentication.During

theauthenticationprocess,whentheRADIUSserver

returnsaRADIUSAccess‐AcceptmessagethatincludesaFilter‐IDmatchingapolicyprofilename

Note: To configure EAP pass-through, which allows client authentication packets to be forwarded

through the switch to an upstream device, 802.1X authentication must be globally disabled with the

set dot1x command.

Notes: The D2 supports up to two authenticated users per port.

The D2 cannot simultaneously support Policy and RFC 3580 on the same port. If multiple users are

configured to use a port, and the D2 is then switched from "policy" mode to "tunnel" mode (RFC-

3580 VLAN to port mapping), the total number of users supported to use a port will be reset to one.

RFC-3580 VLAN authorization is not supported by PWA authentication.

Brand	Enterasys
Model	D-Series
Category	Switch
Language	English

Enterasys D-Series User Manual

Table of Contents

Questions and Answers:

Enterasys D-Series Specifications

Related product manuals