To Next Page

To Previous Page

Configuring Multiple Authentication Methods

18-30 Security Configuration

Parameters

None.

Defaults

None.

Mode

Switchcommand,read‐write.

Example

ThisexampleresetstheMACauthenticationsignificantbitsto48.

C2(su)->clear macauthentication significant-bits

Configuring Multiple Authentication Methods

About Multiple Authentication Types

Whenenabled,multipleauthenticationtypesallowuserstoauthenticateusinguptotwomethods

onthesameport.Inorderformultipleauthentication tofunctiononthede vice,eachpossible

methodofauthentication(MACauthentication,802.1X,PWA)mustbeenabledgloballyand

configuredappropriatelyonthedesiredportswithitscorresponding

commandsetdescribedin

thischapter.

Multipleauthenti cationmodemustbegloballyenabledonthedeviceusingthesetmultiauth

modecommand.

Configuring Multi-User Authentication (User + IP phone)

TheUser+IPphonemulti‐userauthenticationfeatureallowsauserandtheirIPphonetobothuse

asingleportontheC2buttohaveseparatepolicyroles.

ʺUser+IPPhoneʺAuthenticationontheSecureStackC2isimplementedbyassigninganingressed

packetreceivedonaport

toapolicyrolebasedontheVLANthepacketwasassignedto,andnot

thepacketʹssourceMACaddress.Therefore,onaportconfiguredforUser+IPPhone

Authentication,thereexiststwodifferentVLAN‐to‐policyrolemappings.

ThepolicyrolefortheIPphoneisstatically

mappedusingtheVLAN‐to‐policymappingfeature 

whichassignsanypacketsreceivedwithaVLANtagsettoaspecificVID(forexample,Voice

VLAN)toanind icat e dpolicyrole(forexample,IPPhonepolicyrole).Therefore,itisrequiredthat

IPphoneisconfiguredtosendVLANtaggedpackets

tothe“Voice”VLAN.

Thesecondpolicyrole,fortheuser,caneitherbestaticallyconfiguredwiththedefaultpolicyrole

ontheportordynamicallyassignedthroughauthenticationtothenetwork.Whenthedefault

policyroleisassignedonaport,theVLANsetasthe portʹsPVID

ismappedtothedefaultpolicy 

Note: C2 devices support up to eight authenticated users per port.

Note: The only Multi-User Authentication supported on the C2 is User + IP phone. The IP phone

has to authenticate using 802.1x or MAC authentication, but the User may authenticate using

802.1x, PWA, or MAC authentication.

Brand	Enterasys
Model	SecureStack C2
Category	Switch
Language	English

Enterasys SecureStack C2 User Manual

Table of Contents

Questions and Answers:

Enterasys SecureStack C2 Specifications

Related product manuals