The following table lists terms and definitions used in this RADIUS-Snooping configuration discussion.
Term | Definition |
---|---|
Calling-Station ID | An attribute field in the RADIUS request and response frames containing the RADIUS client MAC address. |
Distribution-Tier Switch | The switch that aggregates edge switch traffic heading into the core network or other distribution devices. |
Edge Switch | The switch directly connected to the end-user device. |
Filter-ID | A vendor defined RADIUS attribute that the Extreme Networks S- K- and 7100-Series authentication implementation makes use of, allowing the authenticating device to assign policy, CLI privilege level, and dynamic VLAN assignment to the end-user. |
Multi-Authentication Methods | The ability to authenticate a user for multiple authentication methods such as 802.1x, MAC, PWA, or CEP, while only applying the authentication method with the highest authentication precedence. |
Multi-User Authentication | The ability to authenticate multiple users on a port, assigning unique policy to each user based upon the user account RADIUS server configuration and policy configuration on the distribution-tier switch. |
MutiAuth Framework | The aspect of Secure Networks functionality that provides authentication capabilities including, but not limited to, multi-user and multi-method authentication, application of policy and Dynamic VLAN assignment. |
RADIUS Client | In a RADIUS-Snooping context the RADIUS client is the non-Secure Networks capable edge switch that is responsible for authenticating its attached end-user device or port. |
RADIUS-Snooping flow table | A table containing the RADIUS client and server ID defining valid RS sessions. |
RADIUS Request Frames | Frames sent by the RADIUS client to the RADIUS server requesting end-user authentication validation. |
RADIUS Response Frames | Frames sent by the RADIUS server to the RADIUS client either validating or rejecting an authentication validation request. These frames can also contain the Filter-ID attribute allowing the assignment of policy, CLI privilege, and dynamic VLAN assignment. |
RADIUS-Snooping | Provides non-Secure Networks capable edge switches with the full range of Secure Networks authentication capabilities when the RADIUS server is upstream of the distribution-tier switch. |