Nortel Networks 450 series Switch User Manual


 
The Nortel SNAS
For information about configuring groups and extended profiles on the
Nortel SNAS, see “Configuring groups and profiles” (page 149).
Authentication methods
You can configure more than one authentication method within a Nortel
SNAS domain. Nortel Secure Network Access Switch Software Release
2.0 supports the following authentication methods:
• external database
  - Remote Authentication Dial-In User Service (RADIUS)
  - Lightweight Directory Access Protocol (LDAP)
  The Nortel SNAS authenticates the user by sending a query to an
  external RADIUS or LDAP server. This makes it possible to use
  authentication databases already existing within the intranet. The
  Nortel SNAS device includes username and password in the query and
  requires the name of one or more access groups in return. The name
  of the RADIUS and LDAP access group attribute is configurable.
• local authentication databases
  - Portal authentication: The Nortel SNAS can store up to 1,000 user
    authentication entries in its own portal database. Each entry in the
    database specifies a username, password, and relevant access
    group.
    Use the local authentication method if no external authentication
    databases exist, for testing purposes, for speedy deployment, or
    as a fallback for external database queries. You can also use the
    local database for authorization only, if an external server provides
    authentication services but cannot be configured to return a list of
    authorized groups.
  - MAC authentication: The media access control (MAC) address of
    the end point device can be used for authentication. The Nortel
    SNAS 4050 can store over 10,000 MAC addresses and support
    over 2,000 concurrent MAC sessions. Each entry in the database
    specifies a MAC address, IP type, device type, and group name(s).
    You can optionally specify a user name, IP address of the device,
    comments, and the IP address, unit, and port of the switch to which
    the device is attached.
  You can populate the local authentication databases by manually
  adding entries on the Nortel SNAS, or you can import a database from
  a TFTP/FTP/SCP/SFTP server.
For information about configuring authentication on the Nortel SNAS, see
“Configuring authentication” (page 171).
For more information about the way Nortel SNAS controls network access,
see Nortel Secure Network Access Solution Guide (NN47230-200).
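
The decision logic described under "Authentication methods" (external query that must return access groups, local portal database as fallback, and local database used for authorization only) can be modelled as follows. This is an added illustration, not Nortel SNAS code or CLI syntax; every name in it is hypothetical. It assumes that fallback applies only when the external server is unreachable and that a user with no resolvable access group is denied.

```python
# Added illustration: hypothetical names, not Nortel SNAS code or CLI syntax.
import hashlib, hmac, os

class ExternalUnavailable(Exception):
    """The RADIUS/LDAP server could not be reached."""

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class LocalPortalDB:
    MAX_ENTRIES = 1000  # portal database limit stated in the manual

    def __init__(self):
        self._entries = {}  # username -> (salt, password hash, groups)

    def add(self, user, password, groups):
        if user not in self._entries and len(self._entries) >= self.MAX_ENTRIES:
            raise ValueError("portal database is full")
        salt = os.urandom(16)
        self._entries[user] = (salt, _hash(password, salt), list(groups))

    def authenticate(self, user, password):
        """Full local check: return the groups on a password match, else None."""
        entry = self._entries.get(user)
        if entry and hmac.compare_digest(entry[1], _hash(password, entry[0])):
            return entry[2] or None
        return None

    def groups_only(self, user):
        """Authorization only: the password was already verified externally."""
        entry = self._entries.get(user)
        return (entry[2] or None) if entry else None

def login(user, password, external, local):
    """Return the user's access groups, or None to deny access."""
    try:
        accepted, groups = external(user, password)
    except ExternalUnavailable:
        return local.authenticate(user, password)  # local database as fallback
    if not accepted:
        return None  # assumption: an explicit external reject is final
    # The external server may authenticate the user without returning groups.
    return list(groups) if groups else local.groups_only(user)

if __name__ == "__main__":
    db = LocalPortalDB()
    db.add("alice", "constructed-pw", ["staff"])  # constructed sample entry
    no_groups = lambda u, p: (True, [])  # authenticates but returns no groups
    print(login("alice", "anything", no_groups, db))  # ['staff']
    print(login("bob", "anything", no_groups, db))    # None
```

In authorization-only mode the local password is never checked, so the local entry grants group membership to whoever the external server accepts under that username.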
Nortel Secure Network Access Switch
Using the Command Line Interface
NN47230-100 03.01 Standard
28 July 2008
Copyright © 2007, 2008 Nortel Networks