Configuring Multiple Authentication Methods
Parameters
None.
Defaults
None.
Mode
Switch command, read‐write.
Example
This example resets the MAC authentication significant bits to 48.
C2(su)->clear macauthentication significant-bits
Configuring Multiple Authentication Methods
About Multiple Authentication Types
When enabled, multiple authentication types allow users to authenticate using up to two methods
on the same port. In order for multiple authentication to function on the device, each possible
method of authentication (MAC authentication, 802.1X, PWA) must be enabled globally and
configured appropriately on the desired ports with its corresponding command set described in
this chapter.
Multiple authentication mode must be globally enabled on the device using the set multiauth
mode command.
Configuring Multi-User Authentication (User + IP phone)
The User + IP phone multi‐user authentication feature allows a user and their IP phone to both use
a single port on the C2 but to have separate policy roles.
ʺUser + IP Phoneʺ Authentication on the SecureStack C2 is implemented by assigning an ingressed
packet received on a port to a policy role based on the VLAN the packet was assigned to, and not
the packetʹs source MAC address. Therefore, on a port configured for User + IP Phone
Authentication, there exists two different VLAN‐to‐policy role mappings.
The policy role for the IP phone is statically mapped using the VLAN‐to‐policy mapping feature
which assigns any packets received with a VLAN tag set to a specific VID (for example, Voice
VLAN) to an indicated policy role (for example, IP Phone policy role). Therefore, it is required that
IP phone is configured to send VLAN tagged packets to the "Voice" VLAN.
The second policy role, for the user, can either be statically configured with the default policy role
on the port or dynamically assigned through authentication to the network. When the default
policy role is assigned on a port, the VLAN set as the portʹs PVID is mapped to the default policy
18-30 Security Configuration
Note: C2 devices support up to eight authenticated users per port.
Note: The only Multi-User Authentication supported on the C2 is User + IP phone. The IP phone
has to authenticate using 802.1x or MAC authentication, but the User may authenticate using
802.1x, PWA, or MAC authentication.