Understanding the Authentication Profile
The Authentication Profile enhances network security by controlling client access to resources, working with VLANs and AAA servers on switches. This capability is called Flexible Authentication.
Feature Overview
Flexible Authentication integrates with Virtual Local Area Networks (VLANs) and Authentication, Authorization, and Accounting (AAA) servers to provide a robust authentication framework.
VLAN Integration: VLANs segment the network into different logical groups. Flexible Authentication assigns clients to specific VLANs based on their authentication status.
AAA Server: The AAA server handles the authentication, authorization, and accounting processes. It verifies the identity of clients attempting to connect to the network and enforces policies based on the authentication results.
Authentication Methods: Flexible Authentication supports multiple authentication methods, such as IEEE 802.1X and MAC authentication, allowing for a flexible and layered security approach.
By using Flexible Authentication, network administrators can ensure that only authorized devices gain access to the network, enhancing overall security and resource management.
Flexible Authentication imposes the following restrictions on clients:
- Successful authentication places the client in the Auth Default VLAN.
- Failed authentication places the client in the Restricted VLAN or blocks them.
- An authentication timeout places the client in the Critical VLAN, or the client is handled based on the outcome (success, failure, or none).
- Guest clients are placed in the Guest VLAN.
Requirements
Flexible Authentication is supported in FastIron release 10.0.10f and later, and 10.0.20b and later.
Considerations
If you update the Auth Default VLAN to match the previous Restricted VLAN or Critical VLAN at the port level, RUCKUS One will set the Fail Action to Block or the Timeout Action to None for the conflicting port.
If you enable port-level authentication without enabling switch-level authentication, the Auth Default VLAN and Guest VLAN of the first enabled port are transferred to the switch level.
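The client placement rules and the port-level VLAN conflict adjustment described above, modelled as an added Python example (not RUCKUS One code or API). The class, function and action names are hypothetical, the VLAN IDs are constructed, and treating a timeout action of success or failure as the matching outcome is an assumption.

```python
from dataclasses import dataclass, replace
from typing import Optional

@dataclass(frozen=True)
class PortAuth:
    """Hypothetical model of one port's settings; not a RUCKUS One API object."""
    auth_default_vlan: int
    restricted_vlan: Optional[int] = None
    critical_vlan: Optional[int] = None
    guest_vlan: Optional[int] = None
    fail_action: str = "restricted_vlan"    # or "block"
    timeout_action: str = "critical_vlan"   # or "success", "failure", "none"

def change_auth_default_vlan(port, new_vlan):
    """Model the documented adjustment when the new Auth Default VLAN
    matches the port's existing Restricted or Critical VLAN."""
    notes = []
    port = replace(port, auth_default_vlan=new_vlan)
    if new_vlan == port.restricted_vlan:
        port = replace(port, fail_action="block")
        notes.append(f"VLAN {new_vlan} was the Restricted VLAN: Fail Action -> Block")
    if new_vlan == port.critical_vlan:
        port = replace(port, timeout_action="none")
        notes.append(f"VLAN {new_vlan} was the Critical VLAN: Timeout Action -> None")
    return port, notes

def placement(port, outcome):
    """Where a client lands for outcome in
    {'success', 'failure', 'timeout', 'guest'} under this model."""
    if outcome == "success":
        return f"vlan {port.auth_default_vlan}"
    if outcome == "guest":
        return f"vlan {port.guest_vlan}"
    if outcome == "failure":
        if port.fail_action == "block":
            return "blocked"
        return f"vlan {port.restricted_vlan}"
    if outcome == "timeout":
        if port.timeout_action == "critical_vlan":
            return f"vlan {port.critical_vlan}"
        if port.timeout_action in ("success", "failure"):
            return placement(port, port.timeout_action)  # assumption, see lead-in
        return "no timeout action"
    raise ValueError(f"unknown outcome: {outcome}")

# Constructed sample port: VLAN IDs are illustrative only.
before = PortAuth(auth_default_vlan=10, restricted_vlan=20, critical_vlan=30, guest_vlan=40)
after, notes = change_auth_default_vlan(before, 20)
for outcome in ("success", "failure", "timeout", "guest"):
    print(f"{outcome:8} {placement(before, outcome):10} -> {placement(after, outcome)}")
print(*notes, sep="\n")
```

Running it before a planned change shows which ports would move from a Restricted VLAN to blocking failed clients, so the change in behaviour is reviewed rather than discovered.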
Best Practices
This feature has no special recommendations for feature enablement or usage.
Prerequisites
This feature has no prerequisites for feature enablement or usage.