Table of Contents
Advertisement
Configuring Authentication
Procedure 10-4 MultiAuth Authentication Configuration
Step
1.
2.
3.
Setting MultiAuth Authentication Precedence
MultiAuth authentication administrative precedence globally determines which authentication
method will be selected when a user is successfully authenticated for multiple authentication
methods on a single port. When a user successfully authenticates more than one method at the
same time, the precedence of the authentication methods will determine which RADIUS-returned
Filter-ID will be processed and result in an applied traffic policy profile.
MultiAuth authentication precedence defaults to the following order from high to low: 802.1x,
PWA, and MAC on stackable fixed switch and standalone fixed switch devices. You may change
the precedence for one or more methods by setting the authentication methods in the order of
precedence from high to low. Any methods not entered are given a lower precedence than the
methods entered in their pre-existing order. For instance, if you start with the default order and
only set PWA and MAC, the new precedence order will be PWA, MAC, 802.1x.
Given the default order of precedence (802.1x, PWA, MAC), if a user was to successfully
authenticate with PWA and MAC, the authentication method RADIUS Filter-ID applied would be
PWA, because it has a higher position in the order. A MAC session would authenticate, but its
associated RADIUS Filter-ID would not be applied.
Procedure 10-5
Procedure 10-5 MultiAuth Authentication Precedence Configuration
Step
1.
2.
Setting MultiAuth Authentication Port Properties
MultiAuth authentication supports the configuration of MultiAuth port and maximum number of
users per port properties. The MultiAuth port property can be configured as follows:
•
Authentication Optional – Authentication methods are active on the port based upon the
global and port authentication method. Before authentication succeeds, the current policy role
applied to the port is assigned to the ingress traffic. This is the default role if no authenticated
user or device exists on the port. After authentication succeeds, the user or device is allowed
to access the network according to the policy information returned from the authentication
server, in the form of the RADIUS Filter-ID attribute, or the static configuration on the switch.
This is the default setting.
10-18 Configuring User Authentication
Task
For a single user, single authentication 802.1x
port configuration, set MultiAuth mode to strict.
For multiple user 802.1x authentication or any
non-802.1x authentication, set the system
authentication mode to use multiple
authenticators simultaneously.
To clear the MultiAuth authentication mode.
describes setting the order for MultiAuth authentication precedence.
Task
Set a new order of precedence for the selection
of the RADIUS Filter-ID that will be returned
when multiple authentication methods are
authenticated at the same time for a single user.
Reset the order MultiAuth authentication
precedence to the default values.
Command(s)
set multiauth mode strict
set multiauth mode multi
clear multiauth mode
Command(s)
set multiauth precedence {[dot1x] [mac]
[pwa] }
clear multiauth precedence
- Quick Links:
- Connecting to the Switch
Hide quick links:
Advertisement
Table of Contents
