EasyManuals Logo
Home>Enterasys>Switch>SecureStack C2

Enterasys SecureStack C2 User Manual

Enterasys SecureStack C2
607 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #526 background imageLoading...
Page #526 background image
Overview of Security Methods
18-2 Security Configuration
authenticateandgrantappropriateaccesstoenduserdevicescommunicatingwith
SecureStackC2ports.FordetailsonusingCLIcommandstoconfigure802.1X,referto
Configuring802.1XAuthenticationonpage 189.
•MACAuthenticationprovidesamechanismforadministratorstosecurelyauthenticate
sourceMACaddressesandgrantappropriateaccessto
enduserdevicescommunicatingwith
SecureStackC2ports.Fordetails,refertoConfiguringMACAuthenticationonpage 1819.
•MultipleAuthenticationMethodsallowsuserstoauthenticateusingmultiplemethodsof
authenticationonthesameport.Fordetails,refertoConfiguringMultipleAuthentication
Methodsonpage 1830.
•MultiUserAuthentication
OntheSecureStackC2,theonlytypeofmultipleuser
authenticationsupportedis“User+IPPhone”.TheUser+IPPhoneauthenticationfeature
supportsauthenticationandauthorizationoftwodevices,specificallyaPCcascadedwithan
IPphone,onasingleportontheC2.TheIPphonemust
authenticateusingMACor802.1X
authentication,buttheusermayauthentica tebyanymethod.Thisfeatureallowsboththe
usersPCandIPphonetosimultaneouslyauthenticateonasingleportandeachreceivea
uniquelevelofnetworkaccess.Fordetails,refertoConfiguringMultiUserAuthentication
(User+
IPphone)onpage 1830.
•RFC3580TunnelAttributesprovideamechanismtocontainan802.1Xauthenticatedusertoa
VLANregardlessofthePVID.UptosixuserscanbeconfiguredperGigabitport.Referto
ConfiguringVLANAuthorization(RFC3580)onpage 1841.
•MACLockinglocksa
porttooneormoreMACaddresses,preventingtheuseof
unauthorizeddevicesandMACspoofingontheportFordetails,refertoConfiguringMAC
Lockingonpage 1846.
•PortWebAuthentication(PWA)locksdownaportauserisattached tountilaftertheuser
logsinusing
awebbrowsertoaccesstheswitch.Theswi tchwillpassalllogininformation
fromtheendstationtoaRADIUSserverforauthenticationbeforeturningtheporton.PWAis
analternativeto802.1XandMACauthentication.Fordetails,refertoConfiguringPortWeb
Authentication(PWA)onpage 1857.
•SecureShell(SSH)providessecureTelnet.Fordetails,refertoConfiguringSecureShell
(SSH)onpage 1868.
•IPAccessLists(ACLs)permitsordeniesaccesstoroutinginterfacesbasedonprotocoland
inboundand/oroutboundIPaddressrestrictionsconfiguredinaccesslists.Fordetails,referto
ConfiguringAccess
Listsonpage 1870.
RADIUS Filter-ID Attribute and Dynamic Policy Profile Assignment
IfyouconfigureanauthenticationmethodthatrequirescommunicationwithaRADIUSserver,
youcanusetheRADIUSFilterIDattributetodynamicallyassignapolicyprofileand/or
managementleveltoauthenticatingusersand/ordevices.
TheRADIUSFilterIDattributeissimplyastringthatisformattedintheRADIUSAccess
Accept
packetsentbackfromtheRADIUSservertotheswitchduringtheauthenticationprocess.
Note: To configure EAP pass-through, which allows client authentication packets to be forwarded
through the switch to an upstream device, 802.1X authentication must be globally disabled with the
set dot1x command.
Note: C2 devices support up to eight authenticated users per port.

Table of Contents

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the Enterasys SecureStack C2 and is the answer not in the manual?

Enterasys SecureStack C2 Specifications

General IconGeneral
BrandEnterasys
ModelSecureStack C2
CategorySwitch
LanguageEnglish

Related product manuals