Enterasys Networks 9034313-07 manual Configuring Multiple Authentication Methods

Configuring Multiple Authentication Methods

About Multiple Authentication Types

When enabled, multiple authentication allows a user to authenticate using more than one method on the same port. For multiple authentication to function on the device, each possible method of authentication (MAC authentication, 802.1X, PWA) must be enabled globally and configured appropriately on the desired ports, using the corresponding command set described in this chapter. The precedence configured for the authentication methods determines which authentication method is actually applied to the user, device, or port.

Multiple authentication mode must be globally enabled on the device using the set multiauth mode command. Authentication precedence can be configured with the set multiauth precedence command.

About Multi-User Authentication

Multi‐user authentication refers to the ability to authenticate more than one user or device on the same port, with each user or device being provided the appropriate level of network resources based on policy.

When a single supplicant connected to an access layer port authenticates, a policy profile can be dynamically applied to all traffic on the port. When multi‐user authentication is not implemented, and more than one supplicant is connected to a port, the firmware does not provision network resources on a per‐user or per‐device basis, even though different users or devices may require a different set of network resources.

In order to support provisioning network resources on a per‐user basis, by applying the policy configured in the RADIUS filter‐ID or RFC 3580 tunnel attributes for a given user or device, the switch must be the point of authentication for the attached devices. The RADIUS filter‐ID and tunnel attributes are part of the RADIUS user account and are included in the RADIUS access‐accept message response received by the switch from the authentication server.
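
The sketch below reads the filter‐ID and RFC 3580 tunnel attributes described above out of an access‐accept and rejects malformed attribute lengths. It is an added example, not code from the Enterasys guide or firmware; the attribute numbers and layouts come from RFC 2865, RFC 2868 and RFC 3580, and the sample packet, policy name and VLAN ID are constructed.

```python
import struct
# RADIUS attribute types (RFC 2865, RFC 2868) and the RFC 3580 VLAN values
FILTER_ID, TUNNEL_TYPE, TUNNEL_MEDIUM, TUNNEL_PGID = 11, 64, 65, 81
VLAN, IEEE_802 = 13, 6

def parse_attributes(packet: bytes) -> dict:
    """Walk the attribute TLVs that follow the 20-byte RADIUS header."""
    if len(packet) < 20:
        raise ValueError("shorter than a RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != 2 or length != len(packet):
        raise ValueError("not a well-formed Access-Accept")
    attrs, pos = {}, 20
    while pos < length:
        if pos + 2 > length or packet[pos + 1] < 2 or pos + packet[pos + 1] > length:
            raise ValueError("malformed attribute")
        atype, alen = packet[pos], packet[pos + 1]
        attrs.setdefault(atype, []).append(packet[pos + 2:pos + alen])
        pos += alen
    return attrs

def tagged_int(values: list) -> list:
    """Tunnel-Type / Tunnel-Medium-Type: 1 tag byte + 3-byte value."""
    return [int.from_bytes(v[1:], "big") for v in values if len(v) == 4]

def provisioning(packet: bytes) -> dict:
    """Return the filter-ID and/or VLAN ID the accept assigns to the user."""
    attrs = parse_attributes(packet)
    result = {"filter_id": None, "vlan": None}
    if FILTER_ID in attrs:
        result["filter_id"] = attrs[FILTER_ID][0].decode("utf-8", "replace")
    pgid = attrs.get(TUNNEL_PGID, [])
    # Accept a VLAN only when all three RFC 3580 attributes agree.
    if (tagged_int(attrs.get(TUNNEL_TYPE, [])) == [VLAN]
            and tagged_int(attrs.get(TUNNEL_MEDIUM, [])) == [IEEE_802]
            and len(pgid) == 1):
        raw = pgid[0]
        if raw and raw[0] <= 0x1F:  # strip the optional leading tag byte
            raw = raw[1:]
        result["vlan"] = raw.decode("ascii", "replace")
    return result

def attr(atype: int, value: bytes) -> bytes:
    return bytes([atype, len(value) + 2]) + value

# Constructed sample: zeroed authenticator, made-up policy name and VLAN ID
BODY = (attr(FILTER_ID, b"example-policy") + attr(TUNNEL_TYPE, b"\x00\x00\x00\x0d")
        + attr(TUNNEL_MEDIUM, b"\x00\x00\x00\x06") + attr(TUNNEL_PGID, b"20"))
SAMPLE = struct.pack("!BBH", 2, 1, 20 + len(BODY)) + bytes(16) + BODY
```

An accept that carries Tunnel‐Private‐Group‐ID without the matching Tunnel‐Type and Tunnel‐Medium‐Type yields no VLAN here, which is the case worth checking when a port lands in an unexpected VLAN.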

The maximum number of multiple users supported per port depends on your platform. Refer to Appendix A, Policy and Authentication Capacities for a description of the multi‐user capacities for this device. By default, the number of allowed users per port is set to 1. To configure the number of allowed users per port, use the set multiauth port numusers command. Use the show multiauth port command to display the current values of “Max users” and “Allowed users” per port.

Commands

For information about...        Refer to page...

show multiauth                  26-38
set multiauth mode              26-39
clear multiauth mode            26-39
set multiauth precedence        26-40
clear multiauth precedence      26-40
show multiauth port             26-41
set multiauth port              26-41

SecureStack C3 Configuration Guide 26-37
