Configuring RFC 3580
About RFC 3580
RFC 3580 provides suggestions on how 802.1x Authenticators should leverage RADIUS as the
backend AAA infrastructure. RFC 3580 is divided into several major sections: RADIUS
Accounting, RADIUS Authentication, RC4 EAPOL‐Key‐Frame Discussions, and Security
Considerations. Upon detection, End‐Points (PCs, IP Phones, etc.) may be interrogated by the
AAA clients for credentials, which may then be used to authenticate the user and determine the
services which should be provided (authorization). During the exchange with the AAA server, the
AAA client will present information describing the End‐Point and itself. The AAA server will then
describe the level of service which should be provided. This may include authentication success,
session duration, and class‐of‐service to be provided.
Enterasys Networks Layer 2 switches utilize two specific attributes to implement the provisioning
of service in response to a successful authentication:
• A proprietary Filter‐ID, which describes a Policy Profile to be applied to the user. (See
  "RADIUS Filter‐ID Attribute and Dynamic Policy Profile Assignment" on page 25‐50.)
• The VLAN‐Tunnel‐Attribute, which defines the base VLAN‐ID to be applied to the user (or
  possibly mapped to an Enterasys Policy Profile).
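The VLAN assignment described above, as an added example (not Enterasys code): a Python check of the tunnel attributes that RFC 3580 uses to carry a VLAN ID in a RADIUS Access-Accept, with attribute numbers taken from RFC 2868 and RFC 3580. The function names, the constructed sample bytes and the allowed_vlans allow-list are assumptions made for illustration; any malformed or unexpected reply yields no VLAN change.

```python
# RADIUS attribute types (RFC 2868) and the values RFC 3580 specifies for VLANs.
TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE, TUNNEL_PRIVATE_GROUP_ID = 64, 65, 81
TT_VLAN, TMT_IEEE_802 = 13, 6

# Constructed sample: Tunnel-Type=VLAN, Tunnel-Medium-Type=802,
# Tunnel-Private-Group-ID="10", each with a zero tag byte.
SAMPLE_ACCEPT = bytes([64, 6, 0, 0, 0, 13, 65, 6, 0, 0, 0, 6, 81, 5, 0]) + b"10"


def iter_attributes(buf):
    """Yield (type, value) for each TLV in a RADIUS attribute section."""
    pos = 0
    while pos < len(buf):
        if pos + 2 > len(buf):
            raise ValueError("truncated attribute header")
        atype, alen = buf[pos], buf[pos + 1]
        if alen < 2 or pos + alen > len(buf):
            raise ValueError("bad attribute length")
        yield atype, buf[pos + 2:pos + alen]
        pos += alen


def vlan_from_access_accept(attrs, allowed_vlans):
    """Return the authorized VLAN ID, or None if the reply must not set one."""
    tunnel = {}
    for atype, value in iter_attributes(attrs):
        if atype in (TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE):
            if len(value) != 4:
                raise ValueError("expected tag byte plus 3-byte value")
            tunnel[atype] = int.from_bytes(value[1:], "big")
        elif atype == TUNNEL_PRIVATE_GROUP_ID:
            # A first byte of 0x00..0x1F is a tag; otherwise it starts the string.
            text = value[1:] if value and value[0] <= 0x1F else value
            tunnel[atype] = text.decode("ascii", errors="replace")
    if (tunnel.get(TUNNEL_TYPE) != TT_VLAN
            or tunnel.get(TUNNEL_MEDIUM_TYPE) != TMT_IEEE_802):
        return None  # not a VLAN assignment
    group = tunnel.get(TUNNEL_PRIVATE_GROUP_ID, "")
    if not group.isdigit() or not 1 <= int(group) <= 4094:
        return None  # not a usable 802.1Q VLAN ID
    vlan = int(group)
    # allowed_vlans is a hypothetical local policy: only pre-approved VLANs apply.
    return vlan if vlan in allowed_vlans else None


if __name__ == "__main__":
    print(vlan_from_access_accept(SAMPLE_ACCEPT, {10, 20}))
```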
Purpose
To review and configure RFC 3580 support.
Commands
For information about...      Refer to page...
show vlanauthorization        25-60
set vlanauthorization         25-61
clear vlanauthorization       25-62
show vlanauthorization
Use this command to display the VLAN Authorization settings.
Syntax
show vlanauthorization [port-list] | [all]
Parameters
port-list     (Optional) Displays the port(s) VLAN Authorization settings.
all           (Optional) Displays all port(s) VLAN Authorization settings.
Defaults
If no parameters are specified, all VLAN Authorization configuration information will be
displayed.
25-60 Authentication Configuration