Netgear M4300-28G (GSM4328S) - Stackable Managed Switch with 24x1G and 4x10G including 2x10GBASE-T and 2xSFP+ Layer 3 管理者ガイド
![Netgear](https://files.manualsbrain.com/attachments/cf1ad5de25a3f8d6c88ef0ab489c1b137eebe11f/common/fit/150/50/17742d1e0cdacf24edeb88c30757620088415c5f7699f69b4517262e21e0/brand_logo.jpeg)
Security Management
369
Managed Switches
Figure 40. Dot1x, MAB, and captive portal authentication method list with default priority
In this example, a visiting client attempts to connect to a corporate network in which the
authentication manager is enabled. In such a situation, configure the authentication method
list in the order dot1x, followed by MAB, and followed by captive portal.
authentication manager is enabled. In such a situation, configure the authentication method
list in the order dot1x, followed by MAB, and followed by captive portal.
If the client is enabled for dot1x but fails to authenticate using dot1x, the authentication
manager places the port in the unauthorized state and stops the process. If the client is not
enabled for dot1x, the dot1x authentication process times out, and the authentication
manager selects the next configured authentication method in the list, which is MAB.
Because the client’s MAC address is unknown in the corporate network, the MAB
authentication process also times out.
manager places the port in the unauthorized state and stops the process. If the client is not
enabled for dot1x, the dot1x authentication process times out, and the authentication
manager selects the next configured authentication method in the list, which is MAB.
Because the client’s MAC address is unknown in the corporate network, the MAB
authentication process also times out.
The authentication manager selects the third configured authentication method in the list,
which is captive portal. If the client can provide valid credentials for web authentication, the
client is admitted to the network. If the client cannot provide valid credentials, the
authentication manager starts a timer for reauthentication because no other authentication
method is available in the list. At the expiration of the timer, the authentication manager
restarts the authentication process for the first method in the list.
which is captive portal. If the client can provide valid credentials for web authentication, the
client is admitted to the network. If the client cannot provide valid credentials, the
authentication manager starts a timer for reauthentication because no other authentication
method is available in the list. At the expiration of the timer, the authentication manager
restarts the authentication process for the first method in the list.
The CLI command to enable authentication is as follows.
(Netgear Switch)#configure
(Netgear Switch)(Config)#authentication enable
Authentication manager
(Select the authentication method)
Port is
unauthorized
Port is authorized
Dot1x
MAB
Captive
portal
portal
Selected
Failed
Selected
Failed
Selected
Failed
Succeeded
Succeeded
Succeeded