Table of Contents
Advertisement
Configuring 802.1X Authentication
•
Local user credentials — used for local authentication and authorization of CLI and WebView
management sessions. For details, refer to "Setting User Accounts and Passwords" on
page 2‐15 and "Setting the Authentication Login Method" on page 25‐50.
•
Remote AAA service — used for remote authentication, authorization, and accounting of CLI
and WebView management sessions, as well as all network access sessions provisioned by
way of 802.1x, PWA, or MAC Authentication. For details, refer to "Setting the Authentication
Login Method" on page 25‐50 and "Configuring 802.1X Authentication" on page 25‐2.
•
Support for RADUIS, RFC 3580, and TACACS+ can be found in the following sections:
"Configuring RADIUS" on page 25‐53, "Configuring RFC 3580" on page 25‐60, and
"Configuring TACACS+" on page 25‐63
Configuring 802.1X Authentication
About Multi-User Authentication
Enterasys Networks' enhanced version of the IEEE 802.1X‐2001 specification decreases security
vulnerabilities inherent with the standard implementation, and allows multiple devices and users,
also known as "supplicants," to be authenticated on a single port. The enhanced standard clearly
distinguishes each network access port from its access "entities," which maintain authentication
instructions associated with each unique potential supplicant.
802.1X enhancements are backwards‐compatible with existing 802.1X supplicants and
configurations, and are designed to seamlessly integrate into Enterasys' per‐user policy
management system; allowing much more granular control over user authorization.
The Enterasys multi‐user 802.1X implementation includes the following components:
•
A Multi‐Mode Enabled Enterasys Matrix System—only when a system is set to operate in
multiple authentication mode (as described in "Configuring Multiple Authentication" on
page 27‐1) can the enhanced 802.1X feature be used. The systemʹs ports intended for network
access to authenticate and authorize supplicants will be allowed to simultaneously utilize
more than one access entity.
•
Access Entities—responsible for maintaining state, counters, and statistics for an individual
supplicant. An access entity is activated from a pool of configured access entities when a
potential supplicant on a port needs to be authenticated. It becomes deactivated when the
supplicant logs off, cannot be authenticated, or the Enterasys Matrix device determines that
the supplicant or associated policy settings are no longer valid.
•
Supplicants—devices or users that desire access to the network, such as workstations,
printers, PDAs, or hard‐wired or wireless phones. These will be identified by the system using
a combination of connection port, MAC addresses, and allocated access entity index. Once a
supplicant is successfully authenticated, the system is responsible for enforcing the degree to
which the supplicant will be authorized to access the network, using information sent to it by
the authentication server.
•
Authentication Server—typically a RADIUS authority, where the Enterasys Matrix system and
server have mutually‐configured knowledge of one another.
Purpose
To review and configure 802.1X authentication for one or more ports using EAPOL (Extensible
Authentication Protocol). 802.1X controls network access by enforcing user authorization on
25-2 Authentication Configuration
- Quick Links:
- Set Ip Address
Hide quick links:
Advertisement
Table of Contents
Need help?
Do you have a question about the Enterasys Matrix DFE-Gold Series and is the answer not in the manual?