This section provides details for the configuration of authentication methods, MultiAuth, and RADIUS.
The Default Authentication Parameters table lists the authentication parameters and their default values.

Parameter | Description | Default Value |
---|---|---|
auto-tracking agent authallocated | Specifies the maximum number of users per port supported by the auto-tracking agent | Number of Multiauth users configured. |
auto-tracking agent port idle timeout | Specifies the auto-tracking agent port idle timeout value in seconds | Multiauth port idle timeout. |
auto-tracking agent port session timeout | Specifies the auto-tracking agent port session timeout in seconds. | Multiauth port session timeout. |
auto-tracking agent state | Enables or disables the auto-tracking agent on a per port basis and globally on the device. | Disabled. |
authentication agent accounting | Specifies whether accounting is enabled or disabled for the agent. | Quarantine – Disabled. 802.1x – Enabled. PWA – Enabled. MAC-based authentication – Enabled. CEP – Disabled. Auto-tracking – Disabled. |
cep port | Enables or disables CEP for the specified port. | Disabled. |
dot1x | Enables or disables 802.1x authentication both globally and per port. | Globally: Disabled. Per Port: Enabled. |
dot1x authconfig | Configures 802.1x authentication. | auto - auto authorization mode. |
macauthentication | Globally enables or disables MAC authentication on a device. | Disabled. |
macauthentication authallocated | Sets the number of MAC authentication sessions supported on the specified port. | Based upon the device and license. See the firmware release notes for your device (S-, K-Series). 8 (7100-Series). |
macauthentication port | Enables or disables MAC authentication on a port | Disabled. |
MultiAuth idle-timeout | Specifies the period length for which no traffic is received before a MultiAuth session is set to idle. | 300 seconds. |
MultiAuth mode | Globally sets MultiAuth for this device. | strict - authentication limited to 802.1x for a single user on a port. |
MultiAuth port mode | Specifies the MultiAuth port mode to use for the specified port. | auth-opt - Authentication is optional based upon global and port configuration. |
MultiAuth precedence | Specifies the authentication mode to use when multiple authentication types are successfully authenticated. | Precedence from high to low: Quarantine agent, 802.1x, PWA, MAC, CEP, Radius-Snooping, auto-tracking (S-, K-Series). 802.1x, PWA, MAC, CEP, Radius-Snooping (7100-Series). |
MultiAuth session-timeout | Specifies the maximum amount of time a session can live. | 0 - no timeout in effect. |
pwa | Globally enables or disables PWA authentication. | Disabled. |
pwa enhancemode | Allows a user on an un-authenticated port to enter any URL in the browser to access the login page (S-, K-Series). | Disabled. |
quarantine agent authallocated | Specifies the maximum number of users per port supported by the quarantine agent. | Number of Multiauth users configured. |
quarantine agent port idle timeout | Specifies the quarantine agent port idle timeout value in seconds | Multiauth port idle timeout. |
quarantine agent port session timeout | Specifies the quarantine agent port session timeout in seconds. | Multiauth port session timeout. |
quarantine agent state | Enables or disables the quarantine agent on a per port basis and globally on the device. | Disabled. |
radius | Enables or disables RADIUS on this device. | Disabled. |
radius accounting | Enables or disables RADIUS accounting for this device. | Disabled. |
radius accounting intervalminimum | Specifies the minimum interval before sending updates for RADIUS accounting. | 600 seconds. |
radius accounting retries | Specifies the number of times a switch will attempt to contact an authentication server for RADIUS accounting that is not responding. | 2. |
radius accounting timeout | Specifies the amount of time for a switch to make contact with a RADIUS server. | 5 seconds. |
radius accounting updateinterval | Specifies the minimum interval between interim updates for RADIUS accounting. | 1800 seconds. |
radius authentication algorithm | The algorithm used for selecting the server used for a RADIUS authentication session. | standard. |
radius retries | Specifies the number of times a switch will try to establish contact with the authentication server. | 3. |
RADIUS sticky round robin maximum sessions | The maximum number of RADIUS authentication sessions allowed when the RADIUS authentication algorithm is set to sticky round robin. | Maximum number of users supported on the device. |
radius timeout | Specifies the amount of time a switch will wait to receive a response from the authentication server before sending another request. | 20 seconds. |
realm | Specifies authentication server configuration scope | Both: management-access and network-access. |
VLAN authorization | Enables or disables VLAN authorization globally and per port. | Globally: Disabled. Per Port: Enabled. |
VLAN egress format | Determines whether dynamic VLAN tagging will be none, tagged, untagged, or dynamic for an egress frame. | Untagged. |