Support User Manuals

Enterasys Networks 9034385 Plumbing Product User Manual

Open as PDF

of 98

Survey the Network

4-6 Design Planning

Similarto802.1X,web‐basedauthenticationrequirestheinputofcredentialsandisnormallyused

onuser‐centricend‐systems thathaveaconceptofanassociateduser,suchasaPC.Therefore,this

authenticationmethodisinappropriateformachine‐centricdevicessuchasprintersandIP

cameras.

Notethatweb‐

basedauthenticationisauser‐initiatedauthenticationmethodwheretheusermust

manuallybeginthenetworkloginprocessbyopeningawebbrowserandenteringcredentials.

Thisuser‐initiatedmethodpreventsseamlessnetworkconnectivitybecausetheendusermust

initiatethereauthenticationafterassessmentiscomplete.

SinceEnterasysNAConlyacts

asapass‐throughtoanupstreamRADIUSServer,itismandatory

thatafullauthenticationdeploymentisconfiguredonthenetworkifweb‐basedauthentica tionis

used.

MACAuthentication

MACauthenticationauthenticatesthesourceMACaddressofanend‐systemandgrantsthe

appropriatelevelofaccessbyvalidatingtheMAC

addressontheRADIUSauthenticationserver.

Thisauthenticationmethodonlyrequiresthattheend‐systemgenerateapacket;itrequiresno

specialsoftwareontheend‐system.

Unlike802.1Xandweb‐basedauthentication,MACauthenticationcanbeusedtoauthenticate

machine‐centricend‐systemsthathavenoconceptofanassociated

user,suchasaprinterorIP

camera.

Withthisauthenticationmethod,EnterasysNACcanactasapass‐throughtoanupstream

RADIUSServerorcanlocallyauthorizeMACauthenticationattempts.Therefore,ifafull

authenticationdeploymenthasnotbeenconfiguredonthenetwork,MACauthenticationshould

beused.

End-System Capabilities

Whenauthenticationisconfiguredonthenetwork,itisimportanttoconsiderend‐system

capabilitiesandtheirabilitytointeractwiththeauthentication process.Machine‐centricend‐

systemsthatdonotpossessan802.1Xsupplicant,suchasIPcamerasandprinters,mayonlybe

capableofMACauthenticatingtothenetwork.

Somehuman‐centricend‐systemssuchasPCs,

maybecapableof802.1Xandweb‐basedauthenticationwhileotherPCsnotinstalledwithan

802.1Xsupplicant,areonlycapableofweb‐basedauthentication.Ifend‐systemsareimplementing

802.1Xandweb‐basedauthentication,EnterasysNACshould leveragetheseauthentication

methods

forend‐systemdetection.Forend‐systemsnotimplementing802.1Xorweb‐based

authentication,MAC‐basedauthenticationcanbeenabledontheseswitchports.

Support of Multiple Authentication Methods

Inordertosupportanenterprisenetworkconsistingofadiverseenvironmentofmachine‐centric

andhuman‐centricdevices,itisimportantthattheintelligentedgeofthenetworksupportsthe

concurrentenablingofmultipleauthenticationmethods,allatthesametimeonthesameswitch

port.Someintelligentswitchesmay

notsupporttheenablingofmultipleauthenticationmethods

concurrentlyonasingleport.Forexample,MACand802.1Xauthenticationmaybeconcurrently

enabledonaporttoaccountforthefactthatatrusteduser,guestuser,orIPphonemayconnectto

thisport.Theabilitytosupportmultiple

authenticationmethodsconcurrentlyonaportiseven

moreimportantforenvironmentswheremobilityofdevicesaroundthenetworkisessentialfor

ensuringbusinesscontinuity.

Support for Multiple End-System Connection

Itisimportanttoknow whethermultipleend‐systemconnectionissupportedbytheintelligent

edgeofthenetwork.Iftheintelligentedgedevicesonlysupporttheauthenticationofoneend‐

previous next