Table of Contents
Advertisement
Security Configuration Command Set
Configuring RFC 3580
14.3.3 Configuring RFC 3580
About RFC 3580
RFC 3580 provides suggestions on how 802.1x Authenticators should leverage RADIUS as the
backend AAA infrastructure. RFC 3580 is divided into several major sections: RADIUS
Accounting, RADIUS Authentication, RC4 EAPOL-Key-Frame Discussions, and Security
Upon detection, End-Points (PCs, IP Phones, etc.) may be interrogated by
Considerations.
the AAA clients for credentials, which may then be used to authenticate the user and
determine the services which should be provided (authorization). During the exchange with
the AAA server, the AAA client will present information describing the End-Point and
itself. The AAA server will then describe the level of service which should be provided.
This may include authentication success, session duration, and class-of-service to be
provided.
Enterasys Networks Layer 2 switches utilize two specific attributes to implement the
provisioning of service in response to a successful authentication:
•
A proprietary Filter-ID, which describes a Policy Profile to be applied to the user. (See
14.1.1,
"RADIUS Filter-ID Attribute and Dynamic Policy Profile
• The VLAN-Tunnel-Attribute; which defines the base VLAN-ID to be applied to the user
(or possibly mapped to an Enterasys Policy Profile)
Purpose
To review and configure RFC 3580 support.
Commands
The commands needed to configure RFC 3580 are listed below and described in the associated
section as shown:
•
vlanauthorization
show
• set vlanauthorization
• clear vlanauthorization
14-20 Matrix NSA Series Configuration Guide
(Section
14.3.3.1)
(Section
14.3.3.2)
(Section
14.3.3.3)
Assignment," on
.
Section
page
14-3.)
Advertisement
Chapters
Table of Contents
