Enterasys SecureStack C2 C2G170-24

698 pages
Overview of Authentication and Authorization Methods
23-2 Authentication and Authorization Configuration
• 802.1X Port-Based Network Access Control using EAPOL (Extensible Authentication Protocol) provides a mechanism via a RADIUS server for administrators to securely authenticate and grant appropriate access to end user devices communicating with SecureStack C2 ports. For details on using CLI commands to configure 802.1X, refer to "Configuring 802.1X Authentication" on page 23-11.
• MAC Authentication provides a mechanism for administrators to securely authenticate source MAC addresses and grant appropriate access to end user devices communicating with SecureStack C2 ports. For details, refer to "Configuring MAC Authentication" on page 23-21.
• Multiple Authentication Methods allows users to authenticate using multiple methods of authentication on the same port. For details, refer to "Configuring Multiple Authentication Methods" on page 23-33.
• Multi-User Authentication - User + IP Phone. The User + IP Phone authentication feature supports authentication and authorization of two devices, specifically a PC cascaded with an IP phone, on a single port on the C2. The IP phone must authenticate using MAC or 802.1X authentication, but the user may authenticate by any method. This feature allows both the user's PC and IP phone to simultaneously authenticate on a single port and each receive a unique level of network access. For details, refer to "Configuring Multi-User Authentication (User + IP phone)" on page 23-33.
• RFC 3580 Tunnel Attributes provide a mechanism to contain an 802.1X authenticated or MAC authenticated user to a VLAN regardless of the PVID. Up to six users can be configured per Gigabit port. Refer to "Configuring VLAN Authorization (RFC 3580)" on page 23-45.
• MAC Locking locks a port to one or more MAC addresses, preventing the use of unauthorized devices and MAC spoofing on the port. For details, refer to "Configuring MAC Locking" on page 23-50.
• Port Web Authentication (PWA) passes all login information from the end station to a RADIUS server for authentication before allowing a user to access the network. PWA is an alternative to 802.1X and MAC authentication. For details, refer to "Configuring Port Web Authentication (PWA)" on page 23-61.
• Secure Shell (SSH) provides secure Telnet. For details, refer to "Configuring Secure Shell (SSH)" on page 23-73.
• IP Access Lists (ACLs) permit or deny access to routing interfaces based on protocol and inbound and/or outbound IP address restrictions configured in access lists. For details, refer to "Configuring Access Lists" on page 23-75.
RADIUS Filter-ID Attribute and Dynamic Policy Profile Assignment
If you configure an authentication method that requires communication with a RADIUS server, you can use the RADIUS Filter-ID attribute to dynamically assign a policy profile and/or management level to authenticating users and/or devices.
Note: To configure EAP pass-through, which allows client authentication packets to be forwarded
through the switch to an upstream device, 802.1X authentication must be globally disabled with the
set dot1x command.
Notes: The C2 supports up to six authenticated users per port.
The C2 cannot simultaneously support Policy and RFC 3580 on the same port. If multiple users are configured to use a port, and the C2 is then switched from "policy" mode to "tunnel" mode (RFC-3580 VLAN to port mapping), the total number of users supported to use a port will be reset to one.
RFC-3580 VLAN authorization is not supported by PWA authentication.
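
The following is an added example, not taken from the Enterasys manual: a Python check that a RADIUS server's reply carries the complete attribute set RFC 3580 uses for VLAN assignment (Tunnel-Type=VLAN, Tunnel-Medium-Type=802, Tunnel-Private-Group-ID=VLAN ID), which is useful to verify before switching a port to "tunnel" mode. The function names and the sample bytes are constructed for illustration, and the VLAN ID is assumed to be sent as a decimal string.

```python
TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE, TUNNEL_PRIVATE_GROUP_ID = 64, 65, 81
VLAN, IEEE_802 = 13, 6  # the values RFC 3580 requires for VLAN assignment


def attr(attr_type, value):
    """Encode one RADIUS attribute: type, length (header included), value."""
    return bytes([attr_type, len(value) + 2]) + value


def iter_attributes(blob):
    """Yield (type, value) pairs from the attribute section of a RADIUS packet."""
    offset = 0
    while offset < len(blob):
        length = blob[offset + 1] if offset + 1 < len(blob) else 0
        if length < 2 or offset + length > len(blob):
            raise ValueError("malformed attribute")
        yield blob[offset], blob[offset + 2:offset + length]
        offset += length


def rfc3580_vlan(blob):
    """Return the VLAN ID the attributes assign, or None if they assign none."""
    fields = {}
    for attr_type, value in iter_attributes(blob):
        if attr_type in (TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE):
            if len(value) != 4:
                raise ValueError("expected a tag octet plus a 3-octet value")
            fields[attr_type] = int.from_bytes(value[1:], "big")
        elif attr_type == TUNNEL_PRIVATE_GROUP_ID:
            # A first octet <= 0x1F is a tag; anything higher starts the string.
            fields[attr_type] = value[1:] if value[:1] <= b"\x1f" else value
    if not fields:
        return None  # no tunnel attributes present in the reply
    if (fields.get(TUNNEL_TYPE) != VLAN or fields.get(TUNNEL_MEDIUM_TYPE) != IEEE_802
            or not fields.get(TUNNEL_PRIVATE_GROUP_ID)):
        raise ValueError("incomplete or non-VLAN tunnel attribute set")
    vlan = int(fields[TUNNEL_PRIVATE_GROUP_ID].decode("ascii"))
    if not 1 <= vlan <= 4094:
        raise ValueError("VLAN ID out of range")
    return vlan


# Constructed sample: attributes of an Access-Accept that assigns VLAN 20.
SAMPLE = (attr(TUNNEL_TYPE, b"\x00" + VLAN.to_bytes(3, "big"))
          + attr(TUNNEL_MEDIUM_TYPE, b"\x00" + IEEE_802.to_bytes(3, "big"))
          + attr(TUNNEL_PRIVATE_GROUP_ID, b"\x00" + b"20"))
```

A reply that carries only some of the three attributes raises `ValueError` rather than returning a VLAN, so a misconfigured server profile is caught before it reaches a port.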
