Tag: Security

EOS – Auto Tracking

14th January 2016 by Martin Flammia

Filed under Extreme Networks EOS

Last modified 18th January 2016

Auto-tracking is a form of multiauth authentication used for populating the multiauth session table. It can be used for applications like NAC, and it is mandatory for Anti-Spoofing if you have no other form of multiauth authentication configured. As with configuring authentication in general, this is best done through Netsight Policy Manager, but the command line is given below if needed.

 

EOS – 802.1x Configuration Example (C Series)

14th January 2016 by Martin Flammia

Filed under Extreme Networks EOS

Last modified 18th January 2016

Globally enable 802.1x but don’t enforce port authentication

Enable port authentication

Disable port authentication

 

EOS – 802.1x Configuration Example (S/K Series)

14th January 2016 by Martin Flammia

Filed under Extreme Networks EOS

Last modified 18th January 2016

S/K Series Globally enable 802.1x but don’t enforce port authentication

Enable port authentication (With auto-tracking disabled for use of anti-spoofing)

Disable port authentication (With auto-tracking enabled for use of anti-spoofing)

 

EOS – Authentication Behaviour

14th January 2016 by Martin Flammia

Filed under Extreme Networks EOS

Last modified 18th January 2016

All of the command line referenced for configuring 802.1x can be programmed through Netsight Policy Manager, which is the recommended way to do this. For reference, the authentication behaviours and their equivalent command line are detailed below:

Authentication Behaviour: Active
Unauthenticated Behaviour: Default Role <none>
Disable 802.1x Authentication for the port: Checked

Authentication Behaviour        …

EOS – Multi-User

14th January 2016 by Martin Flammia

Filed under Extreme Networks EOS

Last modified 18th January 2016

Multi-User configures the authentication mode to 802.1x only (strict) or multiple mode (multi). Each method can have its own policy. Up to seven authentication methods per user can be used on the same port, but only one method per user is applied; authentication precedence determines which method is applied if multiple are used. Multiple users can be configured to authenticate on a single port. Authentication Modes: Quarantine …

EOS – MultiAuth

14th January 2016 by Martin Flammia

Filed under Extreme Networks EOS

Last modified 18th January 2016

The following modes can be configured to enable 802.1x authentication:

auto — Auto authorization mode (default). The Enterasys Matrix system will only forward frames received on a port which are considered authenticated according to the state of the corresponding access entity.

forced-auth — Forced authorized mode, which effectively disables 802.1X authentication on the port, and allows all frames received on the port to be forwarded. …

EOS – Radius

14th January 2016 by Martin Flammia

Filed under Extreme Networks EOS

Last modified 18th January 2016

The first thing you need to do when implementing 802.1x is to configure RADIUS and set the realm to ‘network-access’.

Examples of Filter-ID to use in the RADIUS ‘Accept’ response.

policyname – the name of the policy to apply to this authentication.

access-mgmt – types supported are: ro (read-only), rw (read-write), and su (super-user).

 

EXOS – Banner

10th January 2016 by Martin Flammia

Filed under Extreme Networks EXOS

Last modified 25th February 2016

The command ‘acknowledge’ means you will need to accept the banner before proceeding, hence the additional text ‘Press ENTER to accept’ in the banner. You can present the banner ‘before-login’ or ‘after-login’ and use the ‘show banner’ command to see what’s configured. Note: To get blank lines you need to put in a blank space, otherwise if you hit return twice you …

EXOS – ACL’s

29th December 2015 by Martin Flammia

Filed under Extreme Networks EXOS

Last modified 7th April 2016

ACLs can be created in two ways. The first is to create a policy (static ACL) with “if”, “then” statements; the other is to use the ‘Dynamic’ ACL format. With the former you create a list of ACLs and apply them as a whole to a selection of ports; with the latter (‘dynamic’) you create singular rules and apply each to a port. I typically configure …