94 Summit 300-48 Switch Software User Guide
Unified Access Security
• Single authentication infrastructure — Single set of policies, RADIUS, and certificate servers
Table 43 summarizes the security options available with the Summit 300-48 switch. Campus mode refers
to a network with multiple users who connect at different places. ISP mode refers to a network with
stationary users who access the network through the same port each time. The per user VLANs
assignment column indicates whether users can be placed in a VLAN when they are authenticated
according to the given method.
User Access Security
Effective user security meets the following objectives:
• Authentication — Assuring that only approved users are connected to the network at permitted
locations and times.
• Privacy — Assuring that user data is protected.
Authentication
The authentication process is responsible for screening users who attempt to connect to the network and
granting or denying access based on the identity of the user, and if needed, the location of the client
station and the time of day. The authentication function also includes secure encryption of passwords
for user screening.
For an authentication scheme to be practical and effective, it must be compatible with the
currently-installed client software base. That requires accommodating multiple versions of software,
including legacy systems with older-generation security support. Effective authentication is mutual,
from client-to-network and network-to-client. Finally, authentication requires the appropriate
authentication servers.
The Unified Access Architecture provides authentication methods that meet all these requirements,
while also permitting flexibility for individual network environments.
Authentication Method: Open
The Summit 300-48 switch and associates Altitude 300 wireless ports, support 802.11 open system
authentication, in which the station identifies the SSID. Although open authentication can be acceptable
Table 43: Security Options
Security Feature Campus Mode ISP Mode
Per User VLANs
Assignment
Wired Wireless Wired Wireless Wired Wireless
802.1x - Single Supplicant X X X X X X
802.1x - Multiple Supplicants X X X X X
Web-based Netlogin Single
Supplicants
X X X X X X
Web-based Netlogin Multiple
Supplicants
X X X X X
MAC Radius - Single Client X X X
MAC Radius - Multiple Clients X X X
To Next Page
Loading...
