Network Login
ExtremeWare XOS 11.3 Concepts Guide
360
Supplicant Side
The supported 802.1x clients (supplicants) are Windows 2000 SP4 native client, Windows XP native
clients, and Meetinghouse AEGIS.
A Windows XP 802.1x supplicant can be authenticated as a computer or as a user. Computer
authentication requires a certificate installed in the computer certificate store, and user authentication
requires a certificate installed in the individual user's certificate store.
By default, the Windows XP machine performs computer authentication as soon as the computer is
powered on, or at link-up when no user is logged into the machine. User authentication is performed at
link-up when the user is logged in.
Windows XP also supports guest authentication, but this is disabled by default. Refer to relevant
Microsoft documentation for further information. The Windows XP machine can be configured to
perform computer authentication at link-up even if user is logged in.
Authentication Server Side
The RADIUS server used for authentication must be EAP-capable. Consider the following when
choosing a RADIUS server:
â—Ź Types of authentication methods supported on RADIUS, as mentioned previously.
â—Ź Need to support VSAs. Parameters such as Extreme-Netlogin-Vlan-Name (destination vlan for port
movement after authentication) and
Extreme-NetLogin-Only (authorization for network login only)
are brought back as VSAs.
â—Ź Need to support both EAP and traditional user name-password authentication. These are used by
network login and switch console login respectively.
NOTE
For information on how to use and configure your RADIUS server, please refer to the documentation that came with
your RADIUS server.
Enabling and Disabling 802.1x Network Login
To enable 802.1x network login on the switch, use the following command:
enable netlogin dot1x
Any combination of types of authentication can be enabled on the same switch. At least one of the
authentication types must be specified on the CLI.
To disable 802.1x network login on the switch, use the following command:
disable netlogin dot1x
To enable 802.1x network login on one or more ports, use the following command:
enable netlogin ports <portlist> dot1x
Network Login must be disabled on a port before you can delete a VLAN that contains that port. To
disable 802.1x network login on one or more ports, use the following command:
disable netlogin ports <portlist> dot1x
To Next Page
Loading...
Need help?
General
