—Specifies the name of the destination VLAN
●
vlan_name
—Specifies the VLAN ID, tag, of the destination VLAN
●
vlan_name_tag
—Specifies that the VSA 211 wildcard (*) is applied, only if you do not specify tagged or
●
none
untagged
Displaying Local Netlogin Accounts
To display a list of local netlogin accounts on the switch, including VLAN information, use the
following command:
show netlogin local-users
Deleting a Local Netlogin Account
To delete a local netlogin user name and password, use the following command:
delete netlogin local-user <user-name>
802.1x Authentication
802.1x authentication methods govern interactions between the supplicant (client) and the
authentication server. The most commonly used methods are Transport Layer Security (TLS); Tunneled
TLS (TTLS), which is a Funk/Certicom standards proposal; and PEAP.
TLS is the most secure of the currently available protocols, although TTLS is advertised to be as strong
as TLS. Both TLS and TTLS are certificate-based and require a Public Key Infrastructure (PKI) that can
issue, renew, and revoke certificates. TTLS is easier to deploy, as it requires only server certificates, by
contrast with TLS, which requires client and server certificates. With TTLS, the client can use the MD5
mode of user name/password authentication.
If you plan to use 802.1x authentication, refer to the documentation for your particular RADIUS server,
and 802.1x client on how to set up a PKI configuration.
This section describes the following topics:
Interoperability Requirements on page 359
●
Enabling and Disabling 802.1x Network Login on page 360
●
802.1x Network Login Configuration Example on page 361
●
Configuring Guest VLANs on page 361
●
Post-authentication VLAN Movement on page 363
●
Interoperability Requirements
For network login to operate, the user (supplicant) software and the authentication server must support
common authentication methods. Not all combinations provide the appropriate functionality.
ExtremeWare XOS 11.3 Concepts Guide
802.1x Authentication
359