Support User Manuals

GarrettCom MNS-6K Switch User Manual

Open as PDF

of 329

MAGNUM 6K SWITCHES, MNS-6K USER GUIDE

The Magnum MNS-6K software implements the 802.1x authenticator. It fully conforms to the

standards as described in IEEE 802.1x, implementing all the state machines needed for port-

based authentication. The Magnum MNS-6K Software authenticator supports both EAPOL and

EAP over RADIUS to communicate to a standard 802.1x supplicant and RADIUS authentication

server.

The Magnum MNS-6K software authenticator has the following characteristics:

• Allows control on ports using STP-based hardware functions. EAPOL frames are

Spanning Tree Protocol (STP) link Bridge PDUs (BPDU) with its own bridge multicast

address.

• Relays MD5 challenge (although not limited to) authentication protocol to RADIUS

server

• Limits the authentication of a single host per port

• The Magnum 6K family of switches provides the IEEE 802.1x MIB for SNMP

management

Configuring 802.1x

On enabling 802.1x ports, make sure the port which connects to the RADIUS servers needs to be

manually authenticated. To authenticate the port, use the “setport” command. The CLI

commands to configure and perform authentication with a RADIUS server are

Syntax auth - configuration mode to configure the 802.1x parameters

Syntax show auth <config|ports> - show the 802.1x configuration or port status

Syntax authserver [ip=<ip-addr>] [udp=<num>] [secret=<string>] - define the RADIUS

server – use UDP socket number if the RADIUS authentication is on port other than 1812

Syntax auth <enable|disable> - enables or disables the 802.1x authenticator function on MNS-6K switch

Syntax setport port=<num|list|range> [status=<enable|disable>]

[control=<auto|forceauth|forceunauth>] [initialize=<assert|deassert>] - setting the

port characteristic for an 802.1x network

Syntax backend port=<num|list|range> supptimeout=<1-240>] [servertimeout=<1-240>]

[maxreq=<1-10>] - configure parameters for EAP over RADIUS

port – [mandatory] – port(s) to be configured

supptimeout – [optional] This is the timeout in seconds the authenticator waits for the

supplicant to respond back. Default value is 30 seconds. Values can range from 1 to 240

seconds.

servertimeout – [optional] This is the timeout in seconds the authenticator waits for the

backend RADIUS server to respond back. The default value is 30 seconds. Values can

range from 1 to 240 seconds.

80

previous next