Name: Enterasys D-Series
Brand: Enterasys
Rating: 5 (1 reviews)

To Next Page

To Previous Page

Configuring Multiple Authentication Methods

Enterasys D-Series CLI Reference 17-33

Configuring Multiple Authentication Methods

About Multiple Authentication Types

Whenenabled,multipleauthenticationtypesallowuserstoauthenticateusingmorethanone

methodonthesameport.Inorderformultipleauthenticationtofunctiononthedevice,each

possiblemethodofauthentication(MACauthentication, 802.1X,PWA)must beenabledglobally

andconfiguredappropriatelyonthedesiredportswithitscorresponding

commandsetdescribed

inthischapter.

Multipleauthenti cationmodemustbegloballyenabledonthedeviceusingthesetmultiauth

modecommand.

Configuring Multi-User Authentication (User + IP phone)

TheUser+IPphonemulti‐userauthenticationfeatureallowsauserand theirIPphonetobothuse

asingleportontheD2buttohaveseparatepolicyroles.

ʺUser+IPPhoneʺAuthenticationontheD‐Seriesisimplementedbyassigninganingressed

packetreceivedonaport

toapolicyrolebasedontheVLANthepacketwasassignedto,andnot

thepacketʹssourceMACaddress.Therefore,onaportconfiguredforUser+IPPhone

Authentication,thereexiststwodifferentVLAN‐to‐policyrolemappings.

ThepolicyrolefortheIP phoneisstatically

mappedusingtheVLAN‐to‐policymappingfea ture

whichassignsanypacketsreceivedwithaVLANtagsettoaspecificVID(forexample,Voice

VLAN)toanindicatedpolicyrole(forexample,IPPhonepolicyrole).Therefore,itisrequiredthat

IPphoneisconfiguredtosendVLANtaggedpackets

tothe“Voice”VLAN.

Thesecondpolicyrole,fortheuser,caneitherbestaticallyconfiguredwiththedefaultpolicyrole

ontheportordynamicallyassignedthroughauthenticationtothenetwork.Whenthedefault

policyroleisassignedonaport,theVLANsetastheportʹsPVID

ismappedtothedefaultpolicy

role.Whenapolicyroleisdynamicallyappliedtoaportastheresultofasuccessfully

authenticatedsession,the“authenticatedVLAN”ismapped tothepolicyrolesetintheFilter‐ID

returnedfromtheRADIUSserver.The“authenticatedVLAN”mayeitherbethe

PVIDoftheport,

ifthePVIDOverrideforthepolicyprofileisdisabled,ortheVLANspecifiedinthePVIDOverride

ifthePVIDOverrideisenabled.

Commands

Note: D2 devices support up to two authenticated users per port.

Note: The only Multi-User Authentication supported on the D2 is User + IP phone. The IP phone

and the user may authenticate using 802.1x or MAC authentication.

For information about... Refer to page...

show multiauth 17-34

set multiauth mode 17-35

clear multiauth mode 17-35

Brand

Enterasys

Model

D-Series

Enterasys D-Series User Manual

Table of Contents

Questions and Answers:

Enterasys D-Series Specifications

Related product manuals

Brand	Enterasys
Model	D-Series
Category	Switch
Language	English