Configuring Multiple Authentication Methods
About Multiple Authentication Types
When enabled, multiple authentication types allows a user to authenticate using more than one
method on the same port. In order for multiple authentication to function on the device, each
possible method of authentication (MAC authentication, 802.1X, PWA) must be enabled globally
and configured appropriately on the desired ports with its corresponding command set described
in this chapter. The precedence configured for the authentication methods determines which
authentication method is actually applied to the user, device, or port.
Multiple authentication mode must be globally enabled on the device using the set multiauth
mode command. Authentication precedence can be configured with the set multiauth precedence
command.
About Multi-User Authentication
Multi‐user authentication refers to the ability to authenticate more than one user or device on the
same port, with each user or device being provided the appropriate level of network resources
based on policy.
When a single supplicant connected to an access layer port authenticates, a policy profile can be
dynamically applied to all traffic on the port. When multi‐user authentication is not implemented,
and more than one supplicant is connected to a port, the firmware does not provision network
resources on a per‐user or per‐device basis, even though different users or devices may require a
different set of network resources.
In order to support provisioning network resources on a per‐user basis, by applying the policy
configured in the RADIUS filter‐ID or RFC 3580 tunnel attributes for a given user or device, the
switch must be the point of authentication for the attached devices. The RADIUS filter‐ID and
tunnel attributes are part of the RADIUS user account and are included in the RADIUS access‐
accept message response received by the switch from the authentication server.
The maximum number of multiple users supported per port depends on your platform. Refer to
Appendix
for this device. By default, the number of allowed users per port is set to 1. To configure the
number of allowed users per port, use the set multiauth port numusers command. Use the show
multiauth port command to display the current values of "Max users" and "Allowed users" per
port.
Commands
For information about...
show multiauth
set multiauth mode
clear multiauth mode
set multiauth precedence
clear multiauth precedence
show multiauth port
set multiauth port
A, Policy and Authentication Capacities for a description of the multi‐user capacities
Configuring Multiple Authentication Methods
Refer to page...
26-38
26-39
26-39
26-40
26-40
26-41
26-41
SecureStack C3 Configuration Guide 26-37