EasyManua.ls Logo

Extreme Networks ExtremeWare XOS Guide - 802.1 X Authentication; Interoperability Requirements

Extreme Networks ExtremeWare XOS Guide
698 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Loading...
802.1x Authentication
ExtremeWare XOS 11.3 Concepts Guide
359
vlan_name—Specifies the name of the destination VLAN
vlan_name_tag—Specifies the VLAN ID, tag, of the destination VLAN
none—Specifies that the VSA 211 wildcard (*) is applied, only if you do not specify tagged or
untagged
Displaying Local Netlogin Accounts
To display a list of local netlogin accounts on the switch, including VLAN information, use the
following command:
show netlogin local-users
Deleting a Local Netlogin Account
To delete a local netlogin user name and password, use the following command:
delete netlogin local-user <user-name>
802.1x Authentication
802.1x authentication methods govern interactions between the supplicant (client) and the
authentication server. The most commonly used methods are Transport Layer Security (TLS); Tunneled
TLS (TTLS), which is a Funk/Certicom standards proposal; and PEAP.
TLS is the most secure of the currently available protocols, although TTLS is advertised to be as strong
as TLS. Both TLS and TTLS are certificate-based and require a Public Key Infrastructure (PKI) that can
issue, renew, and revoke certificates. TTLS is easier to deploy, as it requires only server certificates, by
contrast with TLS, which requires client and server certificates. With TTLS, the client can use the MD5
mode of user name/password authentication.
If you plan to use 802.1x authentication, refer to the documentation for your particular RADIUS server,
and 802.1x client on how to set up a PKI configuration.
This section describes the following topics:
Interoperability Requirements on page 359
Enabling and Disabling 802.1x Network Login on page 360
802.1x Network Login Configuration Example on page 361
Configuring Guest VLANs on page 361
Post-authentication VLAN Movement on page 363
Interoperability Requirements
For network login to operate, the user (supplicant) software and the authentication server must support
common authentication methods. Not all combinations provide the appropriate functionality.

Table of Contents

Related product manuals