To Next Page

To Previous Page

Configuring Multiple Authentication Methods

SecureStack C2 Configuration Guide 23-33

Configuring Multiple Authentication Methods

About Multiple Authentication Types

Whenenabled,multipleauthenticationtypesallowuserstoauthenticateusingmorethanone

methodonthesameport.Inorderformultipleauthenticationtofunctiononthedevice,each

possiblemethodofauthentication(MACauthentication, 802.1X,PWA)mustbeenabledglobally

andconfiguredappropriatelyonthedesiredportswithitscorresponding

commandsetdescribed

inthischapter.

Multipleauthenti cationmodemustbegloballyenabledonthedeviceusingthesetmultiauth

modecommand.

Configuring Multi-User Authentication (User + IP phone)

TheUser+IPphonemulti‐userauthenticationfeatureallowsauserandtheirIP phonetobothuse

asingleportontheC2buttohaveseparatepolicyroles.

ʺUser+IPPhoneʺAuthenticationontheSecureStackC2isimplementedbyassigninganingressed

packetreceivedonaport

toapolicyrolebasedontheVLANthepacketwasassignedto,andnot

thepacketʹssourceMACaddress.Therefore,onaportconfiguredforUser+IPPhone

Authentication,thereexiststwodifferentVLAN‐to‐policyrolemappings.

ThepolicyrolefortheIP phoneisstatically

mappedusingtheVLAN‐to‐policymappingfea ture

whichassignsanypacketsreceivedwithaVLANtagsettoaspecificVID(forexample,Voice

VLAN)toanindicatedpolicyrole(forexample,IPPhonepolicyrole).Therefore,itisrequiredthat

IPphoneisconfiguredtosendVLANtaggedpackets

tothe“Voice”VLAN.RefertotheUsage

sectionforthecommand“setpolicyrule”onpage 11‐10foradditionalinformation.

Thesecondpolicyrole,fortheuser,caneitherbestaticallyconfiguredwiththedefaultpolicyrole

ontheportordynamicallyassignedthroughauthenticationtothenetwork.When

thedefault

policyroleisassignedonaport,theVLANsetastheportʹsPVIDismappedtothedefaultpolicy

role.Whenapolicyroleisdynamicallyappliedtoaportastheresultofasuccessfully

authenticatedsession,the“authenticatedVLAN”ismappedtothepolicy

rolesetintheFilter‐ID

returnedfromtheRADIUSserver.The“authenticatedVLAN”mayeitherbethePVIDoftheport,

ifthePVIDOverrideforthepolicyprofileisdisabled,ortheVLANspecifiedinthePVIDOverride

ifthePVIDOverrideisenabled.

Commands

Note: C2 devices support up to six authenticated users per port.

Note: The only Multi-User Authentication supported on the C2 is User + IP phone. The IP phone

has to authenticate using 802.1x or MAC authentication, but the User may authenticate using

802.1x, PWA, or MAC authentication.

For information about... Refer to page...

show multiauth 23-34

set multiauth mode 23-35

clear multiauth mode 23-35

Brand	Enterasys
Model	SecureStack C2 C2G170-24
Category	Switch
Language	English

Enterasys SecureStack C2 C2G170-24 User Manual

Table of Contents

Other manuals for Enterasys SecureStack C2 C2G170-24

Questions and Answers:

Enterasys SecureStack C2 C2G170-24 Specifications

Related product manuals