Netgear M5300-28G-POE+ (GSM7228PSv1h2) - 12-Port Managed Gigabit Switch Ratgeber Für Administratoren
Security Management
409
Managed Switches
The CLI command to enable authentication is as follows.
(Netgear Switch)#configure
(Netgear Switch)(Config)#authentication enable
Configure a Dot1x–MAB Authentication Method List with
MAB–Dot1x Priority
MAB–Dot1x Priority
Note:
This section describes how to configure the authentication order and
priority. For information about configuring the MAB authentication
method, see
priority. For information about configuring the MAB authentication
method, see
If the switch authenticated a client by using MAB but the client is enabled for dot1x after it is
authenticated, the EAPOL start frames that the client sends to the authentication manager
causes the port to be placed in the unauthorized state and the switch then attempts to
authenticate the client by using dot1x. This situation occurs because the default priority for
dot1x authentication is higher than the default priority for MAB authentication.
authenticated, the EAPOL start frames that the client sends to the authentication manager
causes the port to be placed in the unauthorized state and the switch then attempts to
authenticate the client by using dot1x. This situation occurs because the default priority for
dot1x authentication is higher than the default priority for MAB authentication.
To prevent the port from being placed in the unauthorized state, assign MAB authentication a
higher priority than dot1x authentication. In that situation, if the client sends EAPOL start
frames to the authentication manager, the authentication manager selects the first configured
authentication method in the list, that is, dot1x, and compares the priority of the current
authenticated method (that is, MAB) with the newly selected method (that is, dot1x). Because
the priority for MAB authentication is higher than the priority for dot1x authentication, the
authentication manager does not start dot1x authentication.
higher priority than dot1x authentication. In that situation, if the client sends EAPOL start
frames to the authentication manager, the authentication manager selects the first configured
authentication method in the list, that is, dot1x, and compares the priority of the current
authenticated method (that is, MAB) with the newly selected method (that is, dot1x). Because
the priority for MAB authentication is higher than the priority for dot1x authentication, the
authentication manager does not start dot1x authentication.
The CLI command to enable authentication is as follows.
(Netgear Switch)#configure
(Netgear Switch)(Config)#authentication enable
Configure a Dot1x, MAB, and Captive Portal Authentication
Method List with Default Priority
Method List with Default Priority
Note:
This section describes how to configure the authentication order and
priority. For information about configuring the captive portal
authentication method, see
priority. For information about configuring the captive portal
authentication method, see