Interoperability requirements, Supplicant side – Extreme Networks 200 Series User Manual


Summit 200 Series Switch Installation and User Guide

Managing the Switch

Interoperability Requirements

For network login to operate, the user (supplicant) software and the authentication server must support
common authentication methods. Not all combinations will provide the appropriate functionality.

Supplicant Side

On the client side, currently, the only platform that natively supports 802.1x is Windows XP, which
performs MD5 and TLS. Other 802.1x clients are available that support other operating systems and
support mixes of authentication methods.

A Windows XP 802.1x supplicant can be authenticated as a computer or as a user. Computer
authentication requires a certificate installed in the computer certificate store, and user authentication
requires a certificate installed in the individual user's certificate store.

By default, the XP machine performs computer authentication as soon as the computer is powered on,
or at link-up when no user is logged into the machine. User authentication is performed at link-up
when the user is logged in.

The XP machine can be configured to perform computer authentication at link-up even if a user is
logged in.

Table 21: VSA Definitions for Web-based Network Login

| VSA | Attribute Value | Type | Sent-in | Description |
|---|---|---|---|---|
| Extreme-Netlogin-VLAN | 203 | String | Access-Accept | Name of destination VLAN (must already exist on switch) after successful authentication. |
| Extreme-Netlogin-URL | 204 | String | Access-Accept | Destination web page after successful authentication. |
| Extreme-Netlogin-URL-Desc | 205 | String | Access-Accept | Text description of network login URL attribute. |
| Extreme-Netlogin-Only | 206 | Integer | Access-Accept | Determines if user can authenticate via other means, such as telnet, console, SSH, or Vista. A value of “1” (enabled) indicates that the user can only authenticate via network login. A value of zero (disabled) indicates that the user can also authenticate via other methods. |

Table 22: VSA Definitions for 802.1x Network Login

| VSA | Attribute Value | Type | Sent-in | Description |
|---|---|---|---|---|
| Extreme-Netlogin-VLAN | 203 | String | Access-Accept | Name of destination VLAN (must already exist on switch) after successful authentication. |
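
The following decoder is an added example, not part of the Extreme Networks manual: it extracts the VSAs of Tables 21 and 22 from the attribute section of a RADIUS Access-Accept so the VLAN and login restrictions a server hands to the switch can be audited. It assumes Extreme's IANA enterprise number 1916 and the sub-attribute layout recommended by RFC 2865, neither of which is stated on this page; the sample bytes are constructed.

```python
import struct

EXTREME_VENDOR_ID = 1916  # Extreme's IANA enterprise number; assumption, not on this page
VENDOR_SPECIFIC = 26      # RADIUS Vendor-Specific attribute type (RFC 2865, 5.26)
# Sub-attribute number -> (name, type), from Tables 21 and 22
EXTREME_VSAS = {203: ("Extreme-Netlogin-VLAN", "string"),
                204: ("Extreme-Netlogin-URL", "string"),
                205: ("Extreme-Netlogin-URL-Desc", "string"),
                206: ("Extreme-Netlogin-Only", "integer")}

def encode_vsa(number, value):
    """Wrap one Extreme sub-attribute in a Vendor-Specific attribute."""
    is_int = EXTREME_VSAS[number][1] == "integer"
    data = struct.pack("!I", value) if is_int else value.encode("ascii")
    sub = bytes([number, len(data) + 2]) + data
    return bytes([VENDOR_SPECIFIC, len(sub) + 6]) + struct.pack("!I", EXTREME_VENDOR_ID) + sub

def decode_extreme_vsas(attrs):
    """Return {name: value} for Extreme VSAs in an Access-Accept attribute section."""
    found, pos = {}, 0
    while pos < len(attrs):
        if pos + 2 > len(attrs) or attrs[pos + 1] < 2 or pos + attrs[pos + 1] > len(attrs):
            raise ValueError("malformed attribute length")
        a_type, body = attrs[pos], attrs[pos + 2:pos + attrs[pos + 1]]
        pos += attrs[pos + 1]
        if a_type != VENDOR_SPECIFIC or len(body) < 4:
            continue  # not a VSA
        if struct.unpack("!I", body[:4])[0] != EXTREME_VENDOR_ID:
            continue  # another vendor's VSA
        sub, i = body[4:], 0
        while i < len(sub):
            if i + 2 > len(sub) or sub[i + 1] < 2 or i + sub[i + 1] > len(sub):
                raise ValueError("malformed sub-attribute length")
            number, data = sub[i], sub[i + 2:i + sub[i + 1]]
            i += sub[i + 1]
            if number not in EXTREME_VSAS:
                continue  # sub-attribute not listed in the tables
            name, kind = EXTREME_VSAS[number]
            if kind == "integer":
                if len(data) != 4:
                    raise ValueError(name + " must be a 4-byte integer")
                found[name] = struct.unpack("!I", data)[0]
            else:
                found[name] = data.decode("ascii")
    return found

# Constructed sample: a User-Name attribute followed by two Extreme VSAs
SAMPLE = b"\x01\x05bob" + encode_vsa(203, "corp") + encode_vsa(206, 1)
print(decode_extreme_vsas(SAMPLE))
```
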
