M A G N U M 6 K S W I T C H E S , M N S - 6 K U S E R G U I D E
The Magnum MNS-6K software implements the 802.1x authenticator. It fully conforms to the
standards as described in IEEE 802.1x, implementing all the state machines needed for port-
based authentication. The Magnum MNS-6K Software authenticator supports both EAPOL and
EAP over RADIUS to communicate to a standard 802.1x supplicant and RADIUS authentication
server.
The Magnum MNS-6K software authenticator has the following characteristics:
•
Allows control on ports using STP-based hardware functions. EAPOL frames are
Spanning Tree Protocol (STP) link Bridge PDUs (BPDU) with its own bridge multicast
address.
•
Relays MD5 challenge (although not limited to) authentication protocol to RADIUS
server
•
Limits the authentication of a single host per port
•
The Magnum 6K family of switches provides the IEEE 802.1x MIB for SNMP
management
Configuring 802.1x
On enabling 802.1x ports, make sure the port which connects to the RADIUS servers needs to be
manually authenticated. To authenticate the port, use the “
setport”
command. The CLI
commands to configure and perform authentication with a RADIUS server are
Syntax
auth
- configuration mode to configure the 802.1x parameters
Syntax
show auth
<config|ports> -
show the 802.1x configuration or port status
Syntax
authserver [ip=<ip-addr>] [udp=<num>] [secret=<string>] -
define the RADIUS
server – use UDP socket number if the RADIUS authentication is on port other than 1812
Syntax
auth <enable|disable> -
enables or disables the 802.1x authenticator function on MNS-6K switch
Syntax
setport port=<num|list|range> [status=<enable|disable>]
[control=<auto|forceauth|forceunauth>] [initialize=<assert|deassert>]
- setting the
port characteristic for an 802.1x network
Syntax
backend port=<num|list|range> supptimeout=<1-240>] [servertimeout=<1-240>]
[maxreq=<1-10>]
-
configure parameters for EAP over RADIUS
port
– [mandatory] – port(s) to be configured
supptimeout
– [optional] This is the timeout in seconds the authenticator waits for the
supplicant to respond back. Default value is 30 seconds. Values can range from 1 to 240
seconds.
servertimeout
– [optional] This is the timeout in seconds the authenticator waits for the
backend RADIUS server to respond back. The default value is 30 seconds. Values can
range from 1 to 240 seconds.
109