Name: Enterasys D2 D2G124-12P
Brand: Enterasys
Rating: 4 (1 reviews)

To Next Page

To Previous Page

Overview of Security Methods

15-2 Security Configuration

ports.FordetailsonusingCLIcommandstoconfigure802.1X,referto“Configuring802.1X

Authentication”onpage 15 ‐9.

•MACAuthentication–providesamechanismforadministratorstosecurelyauthenticate

sourceMACaddressesandgrantappropriateaccesstoenduserdevicescommunicatingwith

D‐Seriesports.Fordetails,referto“Configuring

MACAuthentication”onpage 15‐19.

•MultipleAuthenticationMethods–allowsuserstoauthenticateusingmultiplemethodsof

authenticationonthesameport.Fordetails,referto“ConfiguringMultipleAuthentication

Methods”onpage 15‐30.

•RFC3580TunnelAttributesprovideamechanismtocontainan802.1XauthenticatedorMAC

authenticateduserto

aVLANregardlessofthePVID.Referto“ConfiguringVLAN

Authorization(RFC3580)”onpage 15‐41.

•MACLocking–locksaporttooneormoreMACaddresses,preventingtheuseof

unauthorizeddevicesandMACspoofingontheportFordetails,referto“ConfiguringMAC

Locking”onpage 15

‐46.

•PortWebAuthentication(PWA)–passesalllogininform ationfromtheendstationtoa

RADIUSserverforauthenticationbeforeallowingausertoaccessthenetwork.PWAisan

alternativeto802.1XandMACauthentication.Fordetails,referto“ConfiguringPortWeb

Authentication(PWA)”onpage 15‐57.

•SecureShell(SSH)–providessecureTelnet.Fordetails,referto“ConfiguringSecureShell

(SSH)”onpage 15‐68.

RADIUS Filter-ID Attribute and Dynamic Policy Profile Assignment

IfyouconfigureanauthenticationmethodthatrequirescommunicationwithaRADIUSserver,

youcanusetheRADIUSFilter‐IDattributetodynamicallyassignapolicyprofileand/or

managementleveltoauthenticatingusersand/ordevices.

TheRADIUSFilter‐IDattributeissimplyastringthatisformattedintheRADIUSAccess‐

Accept

packetsentbackfromtheRADIUSservertotheswitchduringtheauthenticationprocess.

EachusercanbeconfiguredintheRADIUSserverdatabasewithaRADIUSFilter‐IDattribute

thatspecifiesthenameofthepolicyprofileand/ormanagementleveltheusershouldbeassigned

uponsuccessfulauthentication.During

theauthenticationprocess,whentheRADIUSserver

returnsaRADIUSAccess‐AcceptmessagethatincludesaFilter‐IDmatchingapolicyprofilename

configuredontheswitch,theswitchthendynamicallyappliesthepolicyprofiletothephysical

porttheuser/deviceisauthenticatingon.

Filter-ID Attribute Formats

EnterasysNetworkssupportstwoFilter‐IDformats—“decorated”and“undecorated.”The

decoratedformathasthreeforms:

•Tospecifythepolicyprofiletoassigntotheauthenticatinguser(networkaccess

authentication):

Enterasys:version=1:policy=string

wherestringspecifiesthepolicyprofilename.Policyprofilenamesarecase‐sensitive.

Note: To configure EAP pass-through, which allows client authentication packets to be forwarded

through the switch to an upstream device, 802.1X authentication must be globally disabled with the

set dot1x command.

Brand

Enterasys

Model

D2 D2G124-12P

Enterasys D2 D2G124-12P User Manual

Table of Contents

Questions and Answers:

Enterasys D2 D2G124-12P Specifications

Related product manuals

Brand	Enterasys
Model	D2 D2G124-12P
Category	Network Router
Language	English