Enterasys 802.1Q Especificações Página 1

Consulte online ou descarregue Especificações para Redes Enterasys 802.1Q. Enterasys 802.1Q Specifications Manual do Utilizador

  • Descarregar
  • Adicionar aos meus manuais
  • Imprimir
  • Página
    / 36
  • Índice
  • MARCADORES
  • Avaliado. / 5. Com base em avaliações de clientes
Vista de página 0
April 15, 2011 Page 1 of 36
Configuring User Authentication
Thischapterprovidesthefollowinginformationaboutconfiguringandmonitoringuser
authenticationonEnterasys
®
NSeries,SSeries
®
,andKSeriesmodularswitches,ASeries,
BSeries,CSeriesstackablefixedswitches,andDSeries,GSeries,and ISeriesstandalonefixed
switches.
What is User Authentication?
Authenticationistheabilityofanetworkaccessserver,withadatabaseofvalidusersanddevices,
toacquireandverifytheappropriatecredentialsofauserordevice(supplicant)attemptingto
gainaccesstothenetwork.EnterasysauthenticationusestheRADIUSprotocoltocontrolaccessto
switchportsfroman
authenticationserverandtomanagethemessageexchangebetweenthe
authenticatingdeviceandtheserver.BothMultiAuthandMultiuserauthenticationare
supported.MultiAuthistheabilitytoconfiguremultipleauthenticationmodesforauserand
applytheauthenticationmodewiththehighestprecedence.Multiuseristheabilityto
appropriatelyauthenticatemultiplesupplicantsonasinglelinkandprovisionnetworkresources,
baseduponanappropriatepolicyforeachsupplicant.TheEnterasysswitchproductssupportthe
followingfiveauthenticationmethods:
IEEE802.1x
•MACbasedAuthenti cation(MAC)
•PortWebAuthentication(PWA)
Note: Through out this document:
Use of the term “modular switch” indicates that the information is valid for the N-Series, S-Series,
and K-Series platforms.
Use of the term “stackable fixed switch” indicates that the information is valid for the A-Series,
B-Series, and C-Series platforms.
Use of the term “standalone fixed switch” indicates that the information is valid for the D-Series,
G-Series, and I-Series platforms.
For information about... Refer to page...
What is User Authentication? 1
Why Would I Use It in My Network? 2
How Can I Implement User Authentication? 2
Authentication Overview 2
Configuring Authentication 14
Authentication Configuration Example 29
Terms and Definitions 34
Vista de página 0
1 2 3 4 5 6 ... 35 36

Resumo do Conteúdo

Página 1 - What is User Authentication?

April 15, 2011 Page 1 of 36Configuring User AuthenticationThischapterprovidesthefollowinginformationaboutconfiguringandmonitoringuserauthen

Página 2

Authentication OverviewApril 15, 2011 Page 10 of 36RFC 3580EnterasysswitchessupporttheRFC3580RADIUStunnelattributefordynamicVLANassignment

Página 3 - Port Web Authentication (PWA)

Authentication OverviewApril 15, 2011 Page 11 of 36• Value:Indicatesthetypeoftunnel.Avalueof0x0D(decimal13)indicatesthatthe tunnelingp

Página 4 - Convergence End Point (CEP)

Authentication OverviewApril 15, 2011 Page 12 of 36•AproblemwithmovinganendsystemtoanewVLANisthattheendsystemmustbeissuedanIPaddr

Página 5 - Multi-User Authentication

Authentication OverviewApril 15, 2011 Page 13 of 36authorizationisenabledgloballyandontheauthenticatinguser’sport,theVLANspecifiedbythe

Página 6 - Port ge.1.5

Configuring AuthenticationApril 15, 2011 Page 14 of 36Configuring AuthenticationThissectionprovidesdetailsfortheconfigurationofauthentication

Página 7 - MAU LogicMAU Logic

Configuring AuthenticationApril 15, 2011 Page 15 of 36pwa Globally enables or disables PWA authentication.Disabled.pwa enhancemode Allows a user on an

Página 8 - MAU Logic

Configuring AuthenticationApril 15, 2011 Page 16 of 36Configuring IEEE 802.1xConfiguringIEEE802.1xonanauthenticatorswitchportconsistsof:•Sett

Página 9 - The RADIUS Filter-ID

Configuring AuthenticationApril 15, 2011 Page 17 of 36Configuring MAC-based AuthenticationConfiguringMAC‐basedauthenticationonaswitchconsistsof

Página 10 - RFC 3580

Configuring AuthenticationApril 15, 2011 Page 18 of 36Configuring Port Web Authentication (PWA)ConfiguringPWAontheswitchconsistsof:•Settingthe

Página 11 - April 15, 2011 Page 11 of 36

Configuring AuthenticationApril 15, 2011 Page 19 of 36Whenenhancedmodeisenabled,PWAwilluseaguestpasswordandguestusernametograntnetwor

Página 12 - Policy Maptable Response

Why Would I Use It in My Network?April 15, 2011 Page 2 of 36• ConvergenceEndPoint(CEP)•RADIUSSnoopingEnterasysswitchproductssupporttheconfigu

Página 13 - April 15, 2011 Page 13 of 36

Configuring AuthenticationApril 15, 2011 Page 20 of 36Procedure 5describesthestepstoconfigureCEP.Setting MultiAuth Idle and Session Timeout for

Página 14 - Configuring Authentication

Configuring AuthenticationApril 15, 2011 Page 21 of 36Procedure 6describessettingtheMultiAuthidleandsessiontimeoutforCEP.Configuring MultiA

Página 15 - April 15, 2011 Page 15 of 36

Configuring AuthenticationApril 15, 2011 Page 22 of 36switchdevices).Youmaychangetheprecedenceforoneormoremethodsbysettingtheauthentica

Página 16 - Configuring IEEE 802.1x

Configuring AuthenticationApril 15, 2011 Page 23 of 36Procedure 9describessettingtheMultiAuthauthenticationportandmaximumuserproperties.Set

Página 17 - April 15, 2011 Page 17 of 36

Configuring AuthenticationApril 15, 2011 Page 24 of 36Setting MultiAuth Authentication TrapsTraps canbeenabledatthesystemandmodulelevelswhen

Página 18 - April 15, 2011 Page 18 of 36

Configuring AuthenticationApril 15, 2011 Page 25 of 36Configuring VLAN AuthorizationVLANauthorizationallowsforthedynamicassignmentofuserstot

Página 19 - April 15, 2011 Page 19 of 36

Configuring AuthenticationApril 15, 2011 Page 26 of 36IftheauthenticationserverreturnsaninvalidpolicyorVLANtoaswitchforanauthenticating

Página 20 - April 15, 2011 Page 20 of 36

Configuring AuthenticationApril 15, 2011 Page 27 of 36Procedure 14describesauthenticationserverconfiguration.Configuring RADIUS AccountingTherea

Página 21 - April 15, 2011 Page 21 of 36

Configuring AuthenticationApril 15, 2011 Page 28 of 36Procedure 15describesRADIUSaccountingconfiguration.Procedure 15 RADIUS Accounting Configura

Página 22 - April 15, 2011 Page 22 of 36

Authentication Configuration ExampleApril 15, 2011 Page 29 of 36Authentication Configuration ExampleOurexamplecoversthefoursupportedmodularswit

Página 23 - April 15, 2011 Page 23 of 36

Authentication OverviewApril 15, 2011 Page 3 of 36IEEE 802.1x Using EAPTheIEEE802.1xport‐basedaccesscontrolstandardallowsyoutoauthenticatea

Página 24 - April 15, 2011 Page 24 of 36

Authentication Configuration ExampleApril 15, 2011 Page 30 of 36Figure 5 Stackable Fixed Switch Authentication Configuration Example OverviewOurconf

Página 25 - April 15, 2011 Page 25 of 36

Authentication Configuration ExampleApril 15, 2011 Page 31 of 365. ConfiguringtheprinterclusterMACauthenticationforthemodularswitchconfigura

Página 26 - Configuring RADIUS

Authentication Configuration ExampleApril 15, 2011 Page 32 of 36Configuring the Engineering Group 802.1x End-User StationsTherearethreeaspectstoc

Página 27 - Configuring RADIUS Accounting

Authentication Configuration ExampleApril 15, 2011 Page 33 of 36ThefollowingCLIinput:•EnablesCEPgloballyontheswitch.•SetsCEPpolicytoaprev

Página 28 - April 15, 2011 Page 28 of 36

Terms and DefinitionsApril 15, 2011 Page 34 of 36•SetuptheRADIUSuseraccountforthepublicstationontheauthenticationserver.•EnablePWAglobal

Página 29 - April 15, 2011 Page 29 of 36

Terms and DefinitionsApril 15, 2011 Page 35 of 36IEEE 802.1x An IEEE standard for port-based Network Access Control that provides authentication to de

Página 30 - April 15, 2011 Page 30 of 36

Enterasys Networksreservestherighttomakechangesinspecificationsandotherinformati oncontainedinthisdocumentanditswebsitewithoutpri

Página 31 - Enabling RADIUS On the Switch

Authentication OverviewApril 15, 2011 Page 4 of 36switchcancontainanyFilter‐IDattributeconfiguredontheauthenticationserver,allowingpolicy

Página 32 - April 15, 2011 Page 32 of 36

Authentication OverviewApril 15, 2011 Page 5 of 36Multi-User AuthenticationMulti‐userauthenticationprovidesfortheper‐userorper‐deviceprovision

Página 33 - April 15, 2011 Page 33 of 36

Authentication OverviewApril 15, 2011 Page 6 of 36Figure 1 Applying Policy to Multiple Users on a Single PortMultiAuth AuthenticationAuthenticationm

Página 34 - Terms and Definitions

Authentication OverviewApril 15, 2011 Page 7 of 36Figure 2 Authenticating Multiple Users With Different Methods on a Single PortInFigure 3,fullMul

Página 35 - April 15, 2011 Page 35 of 36

Authentication OverviewApril 15, 2011 Page 8 of 36Figure 3 Selecting Authentication Method When Multiple Methods are ValidatedRemote Authentication D

Página 36 - Revision History

Authentication OverviewApril 15, 2011 Page 9 of 36Requiredauthenticationcredentialsdependupontheauthenticationmethodbeingused.For802.1xand

Comentários a estes Manuais

Sem comentários