12.1.8 Notes on using multi-step authentication

<Structure of this section>

(1) About Configuring Filter-Id for RADIUS Properties
(2) Understanding Authentication Limits for Multi-Step Authentication

(1) About Configuring Filter-Id for RADIUS Properties

Note the following when configuring Filter-Id of RADIUS servers for user authentication:

Filter-Id attribute is also used for communication restrictions on authenticated terminals for IEEE802.1X authentication (for details, see Table 6-4: Attribute names used for authentication (their 3 Access-Accept) and 6.2.9 Communication restrictions on authenticated terminals in 6.1 IEEE802.1X summary). When a RADIUS server used for IEEE802.1X authentication is set to a Filter-Id other than the text-string used for multi-step authentication, communication restrictions for the authenticated terminal operate.

(2) Understanding Authentication Limits for Multi-Step Authentication

The authentication count limit set in the configuration command authentication max-user applies to the authentication count for user authentication.