Header Only - DO NOT REMOVE - Extreme Networks

SecureStack/D/G/I-Series Defaults regarding Multiauth Mode: Multi or Strict


Userlevel 3
Article ID: 12499

Products
SecureStack C3, C2, B3, B2, A2
G-Series
D-Series
I-Series

Changes
With default multiauth configurations (no commands visible from a 'show config multiauth'), issued a 'show multiauth' query on multiple devices.

Symptoms
No apparent reason why some devices default to "System mode : multi" and some default to "System mode : strict".

Cause
When policy commands are supported - whether used or not - then multiauth mode defaults to "multi". Otherwise, it defaults to "strict".

As a result:
  • The C3, C2, G-Series, and I-Series, which support policy with no need for licensing, always default to "multi".
  • The A2, which has no policy support, always defaults to "strict".
  • The B3, B2, and D-Series, which support policy upon application of a policy license (10833), default to "strict" when unlicensed and to "multi" when licensed.
This is demonstrated below, for the D-Series. Note that upon application of a policy license (10791), the system attempts to retain the existing multiauth mode by insertion of an explicit 'set multiauth mode strict' command in the configuration. Similarly, upon removal of a policy license, the system inserts a 'set multiauth mode multi' command. In either case, removal of that 'set multiauth mode...' command yields the described default behavior.
D2(su)->show config multiauth

#multiauth
!
end

D2(su)->show multiauth

Multiple authentication system configuration
-------------------------------------------------
Supported types : dot1x, mac
Maximum number of users : 36
Current number of users : 0
System mode : strict
Default precedence : dot1x, mac
Admin precedence
Operational precedence : dot1x, mac

D2(su)->set license D2Policy

Terms of this license may be found at

http://www.enterasys.com/support/fla.aspx

Do you accept the terms of the applicable policy license (y/n) [n]?y
License successfully enabled
D2(su)->show config multiauth

#multiauth
set multiauth mode strict
!
end

D2(su)->set multiauth mode multi
D2(su)->show config multiauth

#multiauth
!
end

D2(su)->show multiauth

Multiple authentication system configuration
-------------------------------------------------
Supported types : dot1x, pwa, mac
Maximum number of users : 36
Current number of users : 0
System mode : multi
Default precedence : dot1x, pwa, mac
Admin precedence
Operational precedence : dot1x, pwa, mac

D2(su)->[/code]
Solution
Functions as Designed (FAD).

Be aware of the "multiauthentication mode" guidelines as described above.
See also: 10283 and 11246.

0 replies

Be the first to reply!

Reply