Netgear M4300-24X24F (XSM4348S) - Stackable Managed Switch with 48x10G including 24x10GBASE-T and 24xSFP+ Layer 3 Guia Do Administrador
Security Management
366
Managed Switches
Use the Authentication Manager to Set Up an
Authentication Method List
Authentication Method List
The authentication manager lets you configure an authentication method list, which you can
apply on a per-port basis. If authentication is disabled, no authentication method is applied
and the port provides open access. By default, authentication is disabled for all ports.
apply on a per-port basis. If authentication is disabled, no authentication method is applied
and the port provides open access. By default, authentication is disabled for all ports.
The authentication manager lets you configure the following authentication methods in an
authentication method list:
authentication method list:
•
dot1x
•
MAB
•
captive portal (that is, web authentication)
The default authentication method list applies these authentication methods in the order
dot1x, MAB, and captive portal as the default methods for all ports.
dot1x, MAB, and captive portal as the default methods for all ports.
You cannot configure another authentication method after the captive portal method, that is,
the captive portal method must be the last method in an authentication method list.
the captive portal method must be the last method in an authentication method list.
When a client connects to a port, the switch attempts to authenticate the client through the
port-based authentication method list. If an authentication method times out (or an error
occurs), the switch attempts to authenticate with the next authentication method in the list. If
all authentication methods time out, the switch starts a timer for which the value is equal to
the authentication restart timer. At the expiration of the timer, the authentication manager
restarts the authentication process for the first method in the list. If the client connection goes
down and comes up again, the authentication manager restarts the authentication sequence.
port-based authentication method list. If an authentication method times out (or an error
occurs), the switch attempts to authenticate with the next authentication method in the list. If
all authentication methods time out, the switch starts a timer for which the value is equal to
the authentication restart timer. At the expiration of the timer, the authentication manager
restarts the authentication process for the first method in the list. If the client connection goes
down and comes up again, the authentication manager restarts the authentication sequence.
Note:
The authentication manager controls only the order in which the switch
executes the authentication methods. The authentication manager does
not configure or change the authentication methods. You need to ensure
that the switch is configured correctly so that the switch can execute the
authentication methods as presented in the authentication method list.
executes the authentication methods. The authentication manager does
not configure or change the authentication methods. You need to ensure
that the switch is configured correctly so that the switch can execute the
authentication methods as presented in the authentication method list.
The priority of an authentication method is determined by its position in authentication
method list. If you do not configure authentication method priorities, the relative priorities (that
is, the highest first) are in the same order as that of the port-based authentication list.
method list. If you do not configure authentication method priorities, the relative priorities (that
is, the highest first) are in the same order as that of the port-based authentication list.
Authentication priority allows a higher-priority method to interrupt an authentication process
that is in progress with a lower-priority method. Alternatively, if a client is already
authenticated, an interrupt from a higher priority method can cause a client that is already
authenticated through a lower-priority method to be reauthenticated through the
higher-priority method.
authenticated, an interrupt from a higher priority method can cause a client that is already
authenticated through a lower-priority method to be reauthenticated through the
higher-priority method.