RADIUS-Snooping (RS) is one of the Extreme Networks MultiAuth suite of authentication methods. See Authentication Configuration for a detailed discussion of the other authentication methods supported by the S- K- and 7100-Series platform. RS resides on the distribution-tier switch, allowing for management of any directly connected edge switch that uses the RADIUS protocol to authenticate a network end-station, but does not support the full complement of the Extreme Networks Secure Networks™ capabilities.
The RADIUS client edge-switch initiates an authentication request, by sending a RADIUS request to the RADIUS server that resides upstream of the distribution-tier switch. By investigating the RADIUS request frames, RS can determine the MAC address of the end-user device being authenticated. The network administrator creates a user account on the RADIUS server for the end-user that includes any policy, dynamic VLAN assignment, and other RADIUS and RS attributes for this end-station. By investigating the RADIUS response from the RADIUS server, RS can build a MutiAuth session as though the end-user were directly connected to the distribution-tier device.
Sessions detected by RS function identically to local authenticated sessions from the perspective of the Extreme Networks MultiAuth framework, with the exception that RS can not force a reauthentication event; it can only timeout the session.
RADIUS-Snooping allows the Extreme Networks S- K- and 7100-Series distribution-tier switch to identify RADIUS exchanges between devices connected to edge switches and apply policy to those devices even when the edge switch is from another vendor and does not support policy. RADIUS-Snooping provides, but is not limited to, the following functionalities:
With RS-enabled on the distribution-tier switch, these Secure Networks capabilities can be configured by the network administrator on an end-user basis.
RADIUS-Snooping accounting is supported.
Print
this page
Email this topic
Feedback
View PDF
Download EPUB