Enterasys 802.1Q Spezifikationen

April 15, 2011 Page 1 of 36Configuring User AuthenticationThischapterprovidesthefollowinginformationaboutconfiguringandmonitoringuserauthen

Authentication OverviewApril 15, 2011 Page 10 of 36RFC 3580EnterasysswitchessupporttheRFC3580RADIUStunnelattributefordynamicVLANassignment

Authentication OverviewApril 15, 2011 Page 11 of 36• Value:Indicatesthetypeoftunnel.Avalueof0x0D(decimal13)indicatesthatthe tunnelingp

Authentication OverviewApril 15, 2011 Page 12 of 36•AproblemwithmovinganendsystemtoanewVLANisthattheendsystemmustbeissuedanIPaddr

Authentication OverviewApril 15, 2011 Page 13 of 36authorizationisenabledgloballyandontheauthenticatinguser’sport,theVLANspecifiedbythe

Configuring AuthenticationApril 15, 2011 Page 14 of 36Configuring AuthenticationThissectionprovidesdetailsfortheconfigurationofauthentication

Configuring AuthenticationApril 15, 2011 Page 15 of 36pwa Globally enables or disables PWA authentication.Disabled.pwa enhancemode Allows a user on an

Configuring AuthenticationApril 15, 2011 Page 16 of 36Configuring IEEE 802.1xConfiguringIEEE802.1xonanauthenticatorswitchportconsistsof:•Sett

Configuring AuthenticationApril 15, 2011 Page 17 of 36Configuring MAC-based AuthenticationConfiguringMAC‐basedauthenticationonaswitchconsistsof

Configuring AuthenticationApril 15, 2011 Page 18 of 36Configuring Port Web Authentication (PWA)ConfiguringPWAontheswitchconsistsof:•Settingthe

Configuring AuthenticationApril 15, 2011 Page 19 of 36Whenenhancedmodeisenabled,PWAwilluseaguestpasswordandguestusernametograntnetwor

Why Would I Use It in My Network?April 15, 2011 Page 2 of 36• ConvergenceEndPoint(CEP)•RADIUSSnoopingEnterasysswitchproductssupporttheconfigu

Configuring AuthenticationApril 15, 2011 Page 20 of 36Procedure 5describesthestepstoconfigureCEP.Setting MultiAuth Idle and Session Timeout for

Configuring AuthenticationApril 15, 2011 Page 21 of 36Procedure 6describessettingtheMultiAuthidleandsessiontimeoutforCEP.Configuring MultiA

Configuring AuthenticationApril 15, 2011 Page 22 of 36switchdevices).Youmaychangetheprecedenceforoneormoremethodsbysettingtheauthentica

Configuring AuthenticationApril 15, 2011 Page 23 of 36Procedure 9describessettingtheMultiAuthauthenticationportandmaximumuserproperties.Set

Configuring AuthenticationApril 15, 2011 Page 24 of 36Setting MultiAuth Authentication TrapsTraps canbeenabledatthesystemandmodulelevelswhen

Configuring AuthenticationApril 15, 2011 Page 25 of 36Configuring VLAN AuthorizationVLANauthorizationallowsforthedynamicassignmentofuserstot

Configuring AuthenticationApril 15, 2011 Page 26 of 36IftheauthenticationserverreturnsaninvalidpolicyorVLANtoaswitchforanauthenticating

Configuring AuthenticationApril 15, 2011 Page 27 of 36Procedure 14describesauthenticationserverconfiguration.Configuring RADIUS AccountingTherea

Configuring AuthenticationApril 15, 2011 Page 28 of 36Procedure 15describesRADIUSaccountingconfiguration.Procedure 15 RADIUS Accounting Configura

Authentication Configuration ExampleApril 15, 2011 Page 29 of 36Authentication Configuration ExampleOurexamplecoversthefoursupportedmodularswit

Authentication OverviewApril 15, 2011 Page 3 of 36IEEE 802.1x Using EAPTheIEEE802.1xport‐basedaccesscontrolstandardallowsyoutoauthenticatea

Authentication Configuration ExampleApril 15, 2011 Page 30 of 36Figure 5 Stackable Fixed Switch Authentication Configuration Example OverviewOurconf

Authentication Configuration ExampleApril 15, 2011 Page 31 of 365. ConfiguringtheprinterclusterMACauthenticationforthemodularswitchconfigura

Authentication Configuration ExampleApril 15, 2011 Page 32 of 36Configuring the Engineering Group 802.1x End-User StationsTherearethreeaspectstoc

Authentication Configuration ExampleApril 15, 2011 Page 33 of 36ThefollowingCLIinput:•EnablesCEPgloballyontheswitch.•SetsCEPpolicytoaprev

Terms and DefinitionsApril 15, 2011 Page 34 of 36•SetuptheRADIUSuseraccountforthepublicstationontheauthenticationserver.•EnablePWAglobal

Terms and DefinitionsApril 15, 2011 Page 35 of 36IEEE 802.1x An IEEE standard for port-based Network Access Control that provides authentication to de

Enterasys Networksreservestherighttomakechangesinspecificationsandotherinformati oncontainedinthisdocumentanditswebsitewithoutpri

Authentication OverviewApril 15, 2011 Page 4 of 36switchcancontainanyFilter‐IDattributeconfiguredontheauthenticationserver,allowingpolicy

Authentication OverviewApril 15, 2011 Page 5 of 36Multi-User AuthenticationMulti‐userauthenticationprovidesfortheper‐userorper‐deviceprovision

Authentication OverviewApril 15, 2011 Page 6 of 36Figure 1 Applying Policy to Multiple Users on a Single PortMultiAuth AuthenticationAuthenticationm

Authentication OverviewApril 15, 2011 Page 7 of 36Figure 2 Authenticating Multiple Users With Different Methods on a Single PortInFigure 3,fullMul

Authentication OverviewApril 15, 2011 Page 8 of 36Figure 3 Selecting Authentication Method When Multiple Methods are ValidatedRemote Authentication D

Authentication OverviewApril 15, 2011 Page 9 of 36Requiredauthenticationcredentialsdependupontheauthenticationmethodbeingused.For802.1xand