Enterasys 802.1Q Dokumentacja Strona 5

  • Pobierz
  • Dodaj do moich podręczników
  • Drukuj
  • Strona
    / 36
  • Spis treści
  • BOOKMARKI
  • Oceniono. / 5. Na podstawie oceny klientów
Przeglądanie stron 4
Authentication Overview
April 15, 2011 Page 5 of 36
Multi-User Authentication
Multiuserauthenticationprovidesfortheperuserorperdeviceprovisioningofnetwork
resourceswhenauthenticating.Itsupportstheabilitytoreceivefromtheauthenticationserver:
•Apolicytrafficprofile,basedontheuseraccount’sRADIUSFilterIDconfiguration
•AbaseVLANID,basedontheRFC3580tunnelattributesconfiguration,
alsoknownas
dynamicVLANassignment
Whenasinglesupplicantconnectedtoanaccess layerportauthenticates,apolicyprofilecanbe
dynamicallyappliedtoalltrafficontheport.Whenmulti userauthenticationisnot implemented,
andmorethanonesupplicantisconnectedtoaport,firmwaredoesnotprovision
network
resourcesonaperuserorperdevicebasis.Differentusersordevicesmayrequireadifferentset
ofnetworkresources.ThefirmwaretracksthesourceMACaddressforeachauthenticatinguser
regardlessoftheauthenticatingprotocolbeingused.Provisioningnetworkresourcesona
peruserbasisisaccomplished
byapplyingthepolicyconfiguredintheRADIUSFilterID,orthe
baseVLANIDconfiguredintheRFC3580tunnelattributes,foragivenusersMACaddress.The
RADIUSFilterIDandtunnelattributesarepartoftheRADIUSuseraccountandareincludedin
theRADIUSAcceptmessageresponse
fromtheauthenticationserver.
Thenumberofallowedusersperportcanbeconfiguredusingthesetmultiauthportnumusers
command.Theshowmultiauthportcommanddisplaysboththeallowednumberofusers
configuredandthemaximumnumberofuserssupportedperportforthedevice.Theallowed
numberofusers
defaultstothemaximumnumberofsupportedusersfortheportforamodular
switchplatformandto1forthestackablefixedswitchandstandal onefixedswitchplatforms.
InFigure 1eachuseronportge.1.5sendsanauthenticationrequesttotheRADIUSserver.Based
upontheSourceMACaddress(SMAC),
RADIUSlooksuptheaccountforthatuserandincludes
theFilterIDassociatedwiththataccountintheauthenticationresponsebacktotheswitch(see
sectionTheRADIUSFilterIDonpage 9forFilterIDinformation).Thepolicyspecifiedinthe
FilterIDisthenappliedtothe
user.SeesectionRFC3580onpage 10forinformationondynamic
VLANassignmentandtunnelattributeconfiguration.
Note: Multi-user authentication on stackable fixed switch and standalone fixed switch platforms
requires that the switch be the point of authentication, in order to apply policy.
Przeglądanie stron 4
1 2 3 4 5 6 7 8 9 10 ... 35 36

Komentarze do niniejszej Instrukcji

Brak uwag