xStack
®
DGS-3400 Series Layer 2 Gigabit Managed Switch CLI Manual
432
config authentication ports
Purpose This command is used to configure security ports.
Syntax
config authentication ports [<portlist>| all] {auth_mode [port_based | host_based] |
multi_authen_methods [none | any | dot1x_impb | impb_jwac |]} (1)
Description This command is used to configure the authorization mode and authentication method on
ports.
If multi_authen_methods mode is none, this port is doing single authentication. The
port will operate based on the authentication mode configured by the single
authentication module’s command.
If multi_authen_methods mode is anything other than none, the port is doing
compound authentication. The port will operate based on the authentication mode
configured by the compound authentication command.
The enable and disable settings of individual authentication willl always take effect.
Suppose that a port’s multi_authen_methods is set to any but MBAC is disabled and
JWAC and 802.1X are enabled, then the user must pass either JWAC or 802.1X.
Similarly, if the multi_authen_methods for a port is set to impb_jwac but JWAC is
disabled and IMPB is enabled, then the authentication result will be the result of IMPB
authentication.
Parameters portlist – Specifies the ports to be configured.
auth_mode – Choose between port-based or host-based.
port-based: If one of the attached hosts passes the authentication process, all
hosts on the same port will be granted access to the network. If the user fails the
authorization process, this port will keep trying the next authentication.
host-based: Every user can be authenticated individually.
multi_authen_methods – Specifies the method for compound authentication.
none – Specifies that compound authentication is not enabled.
any – If any one of the authentication methods (802.1X, MBAC, and JWAC) are passed,
then authentication will be passed.
dot1x_impb – 802.1X will be verified first, and then IMPB will be verified. Both
authentication methods need to be passed.
impb_jwac – JWAC will be verified first, and then IMPB will be verified. Both
authentication methods need to be passed.
Restrictions Only Administrator and Operator-level users can issue this command.
Example usage:
To configure the authentication mode of all ports to host-based:
DGS-3426:5#config authentication ports all auth_mode host_based
Command: config authentication ports all auth_mode host_based
Success.
DGS-3426:5#
To configure the compound authentication method of all ports to “any”:
DGS-3426P:5#config authentication ports all multi_authen_methods any
Command: config authentication ports all multi_authen_methods any
Success.
DGS-3426P:5#
