Enterasys Matrix DFE-Gold Series

944 pages

To Next Page

To Next Page

To Previous Page

To Previous Page

Loading...

Configuring 802.1X Authentication

25-2 Authentication Configuration

•Localusercredentials—usedforlocalauthenticationandauthorizationofCLIandWebView

managementsessions.Fordetails,referto“SettingUserAccountsandPasswords”on

page 2‐15and“SettingtheAuthenticationLoginMethod”onpage 25‐50.

•RemoteAAAservice—usedforremoteauthentication,authorization,andaccountingof

CLI

andWebViewmanagementsessions,aswellasallnetworkaccesssessionsprovisionedby

wayof802.1x,PWA,orMACAuthentication.Fordetails,referto“SettingtheAuthentication

LoginMethod”onpage 25 ‐50and“Configuring802.1XAuthentication”onpage 25‐2.

• SupportforRADUIS,RFC3580,andTACACS+canbe

foundinthefollowingsections:

“ConfiguringRADIUS”onpage 25‐53,“ConfiguringRFC3580”onpage 25‐60,and

“ConfiguringTACACS+”onpage 25‐63

Configuring 802.1X Authentication

About Multi-User Authentication

EnterasysNetworks’enhancedversionoftheIEEE802.1X‐2001specificationdecreasessecurity

vulnerabilitiesinherentwiththestandardimplementation,andallowsmultipledevicesand users,

alsoknownas“supplicants,”tobeauthenticatedonasingleport.Theenhancedstandardclearly

distinguisheseachnetworkaccessportfromitsaccess“entities,”whichmaintainauthentication



instructionsassociatedwitheachuniquepotentialsupplicant.

802.1Xenhancementsarebackwards‐compatiblewithexisting802.1Xsupplicantsand

configurations,andaredesignedtoseamlesslyintegrateintoEnterasys’per‐userpolicy

managementsystem;allowingmuchmoregranularcontroloveruserauthorization.

TheEnterasysmulti‐user802.1Ximplementationincludesthefollow ingcomponents:

•AMulti‐Mode

EnabledEnterasysMatrixSystem—onlywhenasystemissettooperatein

multipleauthenticationmode(asdescribedin“ConfiguringMultipleAuthentication”on

page 27‐1)cantheenhanced802.1Xfeaturebeused.Thesystemʹsportsintendedfornetwork

accesstoauthenticateandauthorizesupplicantswillbeallowedtosimultaneously

utilize

morethanoneaccessentity.

• AccessEntities—responsibleformaintainingstate,counters,andstatisticsforanindividual

supplicant.Anaccessentityisactivatedfromapoolofconfiguredaccessentitieswhena

potentialsupplicantonaportneedstobeauthenticated.Itbecomesdeactivatedwhenthe

supplicantlogsoff,cannotbe

authenticated,ortheEnterasysMatrixdevicedeterminesthat

thesupplicantorassociatedpolicysettingsarenolongervalid.

• Supplicants—devicesorusersthatdesireaccesstothenetwork,suchasworkstations,

printers,PDAs,orhard‐wiredorwirelessphones.Thesewillbeidentifiedbythesystemusing

acombinationofconnectionport,

MACaddresses,andallocatedaccessentityindex.Oncea

supplicantissuccessfullyauthenticated,thesystemisresponsible forenforcingthedegreeto

whichthesupplicantwillbeauthorizedtoaccessthenetwork,usinginformationsenttoitby

theauthenticationserver.

• AuthenticationServer—typicallyaRADIUSauthority,wheretheEnterasysMatrixsystem

and

serverhavemutually‐configuredknowledgeofoneanother.

Purpose

Toreviewandconfigure802.1XauthenticationforoneormoreportsusingEAPOL(Extensible

AuthenticationProtocol).802.1Xcontrolsnetworkaccessbyenforcinguserauthorizationon

Table of Contents

Related product manuals

Preview: Enterasys Matrix 2G4072-52

Enterasys Matrix 2G4072-52

Preview: Enterasys Matrix E1 1H582-51

Enterasys Matrix E1 1H582-51

Enterasys Matrix E1 1G694-13

Preview: Enterasys Matrix-V V2H124-24

Enterasys Matrix-V V2H124-24

Preview: Enterasys C3G124-24

Enterasys C3G124-24

Preview: Enterasys B5G124-24

Enterasys B5G124-24

Enterasys A4H124-48P

Preview: Enterasys B5G124-24P2

Enterasys B5G124-24P2

Preview: Enterasys SecureStack C2

Enterasys SecureStack C2

Enterasys SSA-G1018-0652

Preview: SecureStack B3 B3G124-24P

SecureStack B3 B3G124-24P

Preview: SecureStack B2 B2G124-48P

SecureStack B2 B2G124-48P