Filter
Top Products
74 Summit 200 Series Switch Installation and User Guide
Managing the Switch
Interoperability Requirements
For network login to operate, the user (supplicant) software and the authentication server must support
common authentication methods. Not all combinations will provide the appropriate functionality.
Supplicant Side
On the client side, currently, the only platform that natively supports 802.1x is Windows XP, which
performs MD5 and TLS. Other 802.1x clients are available that support other operating systems and
support mixes of authentication methods.
A Windows XP 802.1x supplicant can be authenticated as a computer or as a user. Computer
authentication requires a certificate installed in the computer certificate store, and user authentication
requires a certificate installed in the individual user's certificate store.
By default, the XP machine performs computer authentication as soon as the computer is powered on,
or at link-up when no user is logged into the machine. User authentication is performed at link-up
when the user is logged in.
The XP machine can be configured to perform computer authentication at link-up even if user is logged
in.
Table 21: VSA Definitions for Web-based Network Login
VSA
Attribute
Value
Type Sent-in Description
Extreme-Netlogin-VLAN 203 String Access-Accept Name of destination VLAN (must already exist
on switch) after successful authentication.
Extreme-Netlogin-URL 204 String Access-Accept Destination web page after successful
authentication.
Extreme-Netlogin-URL-
Desc
205 String Access-Accept Text description of network login URL attribute.
Extreme-Netlogin-Only 206 Integer Access-Accept Determines if user can authenticate via other
means, such as telnet, console, SSH, or Vista.
A value of “1” (enabled) indicates that the user
can only authenticate via network login. A
value of zero (disabled) indicates that the user
can also authenticate via other methods.
Table 22: VSA Definitions for 802.1x Network Login
VSA
Attribute
Value
Type Sent-in Description
Extreme-Netlogin-VLAN 203 String Access-Accept Name of destination VLAN (must already exist
on switch) after successful authentication.