About the Authentication Profiles Page
To access this page, select Configuration >
SD-LAN > Authentication Profiles in Customer Portal.
Use this page to view, clone, edit, and delete authentication
profiles. An authentication profile enables you to define parameters
to authenticate a user. You can define the following parameters in
an authentication profile—the authentication method, fallback
options, and other settings (for example, number of retries, maximum
number of requests that can be allowed, and authentication server
timeout) related to the communication between the switch and a supplicant.
Tasks You Can Perform
You can perform the following tasks from this page:
Add an authentication profile—See Add Authentication Profiles.
Edit, clone, or delete an authentication profile—See Edit, Clone, and Delete an Authentication Profile.
Clear the selected authentication profiles—Click Clear All Selections to clear any authentication profiles that
you might have selected.
Search for authentication profiles using keywords—Click
the search icon and enter the search term in the text box and press
Enter. The search results are displayed on the same page.
Field Descriptions
Table 234 describes
the fields on the Authentication Profiles page.
Table 234: Authentication Profiles
Page Fields
Field | Description |
|---|
Profile Name | Name of the authentication profile. |
Description | A description about the authentication profile. |
Supplicant Mode | The mode of authenticating supplicants: Single—Authenticates only the first supplicant in
a LAN. All other supplicants in the LAN that connect later to the
port are allowed access without any further authentication, based
on the first supplicant’s authentication. Single Secure—Allows only one supplicant in a LAN
to connect to the port. No other supplicant in the LAN is allowed
to connect until the first supplicant logs out. Multiple—Allows multiple supplicants in a LAN to
connect to the port. Each supplicant is authenticated individually.
|
Primary Authentication Method | The primary method for authenticating a supplicant: dot1x—IEEE 802.1X standard for port-based network
access control (PBNAC); protects Ethernet LANs from unauthorized user
access. The dot1x method blocks all traffic to and from a supplicant
at the port until the supplicant’s credentials are presented
and matched on the authentication server (a RADIUS server). When the
supplicant is authenticated, the switch allows traffic from and to
the supplicant to transmit through it. MAC RADIUS—Used for network devices (such as a printer
or a camera) connected in a LAN that needs to access network resources,
but do not support the 802.1X standard. When a switch detects a supplicant that is not 802.1X-enabled
on its port, the switch transmits the MAC address of the supplicant
to the authentication server. The server then tries to match the MAC
address with a list of MAC addresses in its database. If the MAC address
matches an address in the list, the supplicant is authenticated.
|
Secondary Authentication Method | The secondary method for authenticating a supplicant when the
switch is unable to validate a supplicant by using the primary method
: None dot1x, when MAC RADIUS is set as the primary authentication
method. MAC RADIUS, when the dot1x method is set as the primary
authentication method.
|
Server Fail | The action that the switch takes when the RADIUS servers are
unavailable for authenticating a supplicant: None—No action is taken. If network access is already
granted to a supplicant, the access is maintained. Deny—Network access is denied to the supplicant. Permit—Network access is permitted to the supplicant.
If a RADIUS server timeout occurs during reauthentication, traffic
is allowed from and to the supplicant as the supplicant is already
authenticated. Use Cache—Recognizes already connected supplicants
and reauthenticates the supplicant when there is a RADIUS server timeout
(new supplicants are denied access): VLAN ID—Moves a supplicant to a specified VLAN (server
fail VLAN) if a RADIUS server timeout occurs:
|
Server Reject | The action the switch takes when the switch is unable to validate
a supplicant because of incorrect credentials provided by the supplicant: |
Guest | The action the switch takes for temporary users such as guests
or contractors: |
Related Documentation
Help us to improve. Rate this article.
Feedback Received. Thank You!