Enterasys 802.1Q Spezifikationen PDF herunterladen (Seite 31)

Authentication Configuration Example

April 15, 2011 Page 31 of 36

5. ConfiguringtheprinterclusterMACauthenticationforthemodularswitchconfiguration.

ConfiguringthepublicareainternetaccessforPWAforthestackablefixedswitch.

6. ConfiguringforthepublicareainternetaccessforPWAforthemodularswitch.

Configuring MultiAuth Authentication

MultiAuthauthenticationmustbesettomultiwhenevermultipleusersof802.1xneedtobe

authenticatedorwheneveranyMAC‐based,PWA,orCEPauthenticationispresent.Forports

wherenoauthenticationispresent,suchasswitchtoswitch,orswitchtorouterconnections,you

shouldalsosetMultiAuthportmode

toforceauthenticatetoassurethattrafficisnotblockedbya

failedauthentication.Forpurposesofthisexample,wewilllimitauthenticationtoamaximumof

6usersperport.

ThefollowingCLIinput:

•SetsMultiAuthauthenticationtomulti.

•Setsportswithswitchtoswitchandswitchtorouterconnections

toforceauthenticate.

•Setsthemaximumnumberofusersthatcanauthenticateoneachportto6.

System(rw)->set multiauth mode multi

System(rw)->set multiauth port mode force-auth ge.1.5-7

System(rw)->set multiauth port numusers 6 ge.1.5-7

System(rw)->set multiauth port mode force-auth ge.1.19-24

System(rw)->set multiauth port numusers 6 ge.1.19-24

•EnablesMultiAu th authenticationsystemandmoduletrapsforthemodularswitch

configuration.

System(rw)->set multiauth trap system enabled

System(rw)->set multiauth trap module enabled

ThiscompletestheMultiAuthauthentication conf igurationpieceforthisexample.Keepinmind

thatyouwouldwanttousethesetmultiauthprecedencecommand,tospecifywhich

authenticationmethodshouldtakeprecedence,shouldyouhaveasingleuserconfiguredfor

multipleauthenticationsonthesameport.

Enabling RADIUS On the Switch

Theswitchneedstobeinformedabouttheauthenticationserver.UsethefollowingCLIinputto

• ConfiguretheauthenticationserverIPaddressontheswitch.

•EnabletheRADIUS server.

System(rw)->set radius server 1 10.20.10.01

System(rw)->set radius enable

Creating RADIUS User Accounts On The Authentication Server

RADIUSaccountcreationontheauthenticationserverisspecifictotheRADIUSapplicationyou

areusing.PleaseseethedocumentationthatcomeswithyourRADIUSapplication.Createan

accountforalluserstobeauthenticated.

1 2 ... 26 27 28 29 30 31 32 33 34 35 36

Keine Kommentare

Enterasys 802.1Q Spezifikationen Seite 31