To Next Page

To Previous Page

Configuring Multiple Authentication Methods

20-30 Security Configuration

Parameters

None.

Defaults

None.

Mode

Switchcommand,read‐write.

Example

ThisexampleresetstheMACauthenticationsignificantbitsto48.

B3(su)->clear macauthentication significant-bits

Configuring Multiple Authentication Methods

About Multiple Authentication Types

Whenenabled,multipleauthenticationtypesallowuserstoauthenticateusinguptotwomethods

onthesameport.Inorderformultipleauthentication tofunctiononthede vice,eachpossible

methodofauthentication(MACauthentication,802.1X,PWA)mustbeenabledgloballyand

configuredappropriatelyonthedesiredportswithitscorresponding

commandsetdescribedin

thischapter.

Multipleauthenti cationmodemustbegloballyenabledonthedeviceusingthesetmultiauth

modecommand.

Configuring Multi-User Authentication (User + IP phone)

TheUser+IPphonemulti‐userauthenticationfeatureallowsauserandtheirIPphonetobothuse

asingleportontheB3buttohaveseparatepolicyroles.

ʺUser+IPPhoneʺAuthenticationontheSecureStackB3isimplementedbyassigninganingressed

packetreceivedonaport

toapolicyrolebasedontheVLANthepacketwasassignedto,andnot

thepacketʹssourceMACaddress.Therefore,onaportconfiguredforUser+IPPhone

Authentication,thereexiststwodifferentVLAN‐to‐policyrolemappings.

ThepolicyrolefortheIPphoneisstatically

mappedusingtheVLAN‐to‐policymappingfeature 

whichassignsanypacketsreceivedwithaVLANtagsettoaspecificVID(forexample,Voice

VLAN)toanind icat e dpolicyrole(forexample,IPPhonepolicyrole).Therefore,itisrequiredthat

IPphoneisconfiguredtosendVLANtaggedpackets

tothe“Voice”VLAN.

Thesecondpolicyrole,fortheuser,caneitherbestaticallyconfiguredwiththedefaultpolicyrole

ontheportordynamicallyassignedthroughauthenticationtothenetwork.Whenthedefault

policyroleisassignedonaport,theVLANsetasthe portʹsPVID

ismappedtothedefaultpolicy 

Note: B3 devices support up to eight authenticated users per port.

Note: The only Multi-User Authentication supported on the B3 is User + IP phone. The IP phone

and the user may authenticate using 802.1x or MAC authentication.

Brand	Enterasys
Model	SecureStack B3
Category	Switch
Language	English

Enterasys SecureStack B3 User Manual

Table of Contents

Questions and Answers:

Enterasys SecureStack B3 Specifications

Related product manuals