5.3.3 Forced authentication
Ports for which the authentication force-authorized enable command is configured consider all login requests to be successful in the following circumstances:
- RADIUS authentication is specified but there is no response from the designated RADIUS server
- Local authentication is specified, but no authentication data exists on the device:
  - For Web authentication, this means that no users are registered in the internal Web authentication DB.
  - For MAC-based authentication, this means that no MAC addresses are registered in the internal MAC-based authentication database.
Users subject to forced authentication are treated the same as normal authenticated users for the duration of the authentication session. The following table describes the authentication modes that support forced authentication:

| Functionality | IEEE802.1X (Fixed VLAN mode) | IEEE802.1X (Dynamic VLAN mode) | Web Authentication (Fixed VLAN mode) | Web Authentication (Dynamic VLAN mode) | MAC-based Authentication (Fixed VLAN mode) | MAC-based Authentication (Dynamic VLAN mode) |
|---|---|---|---|---|---|---|
| Forced authentication | NG | NG | OK | OK # | OK | OK # |

Legend: OK: Operable; NG: Inoperable
#: In dynamic VLAN mode, the authentication force-authorized vlan configuration command specifies the VLAN ID assigned to the forcibly authenticated client. If you omit the authentication force-authorized vlan configuration command, the client is attached to the native VLAN.
Notes on configuring forced authentication:
- Because forced authentication can pose a security risk, consider the implications carefully before using it.
- Example: When using a RADIUS server for MAC-based authentication
  - When Web authentication and MAC-based authentication are both configured for a port in force-authorized mode and a RADIUS server is set up for MAC-based authentication, if communication with the RADIUS server fails for some reason, forced authentication comes into operation. In this case, terminals subject to Web authentication will be permitted access without going through the Web authentication process.
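
The rules in this section can be checked against a planned port design with a small model. The following is an added example, not the device's implementation: the Port, State, forced_modes and admit names are hypothetical, and it assumes that satisfying any one configured mode admits a terminal.

```python
from dataclasses import dataclass, field
from typing import Optional

FORCED_AUTH_MODES = {"web", "mac"}  # per the table; IEEE802.1X is NG

@dataclass
class Port:
    """Hypothetical model of one port; field names are not device syntax."""
    modes: dict                       # mode -> "radius" or "local"
    force_authorized: bool = False    # authentication force-authorized enable
    dynamic_vlan: bool = False
    force_vlan: Optional[int] = None  # authentication force-authorized vlan
    native_vlan: int = 1

@dataclass
class State:
    """Runtime conditions the section names as triggers."""
    radius_responding: bool = True
    local_db_entries: dict = field(default_factory=dict)  # mode -> count

def forced_modes(port, state):
    """Modes on this port that currently accept every login request."""
    if not port.force_authorized:
        return []
    hit = []
    for mode, method in port.modes.items():
        if mode not in FORCED_AUTH_MODES:
            continue
        if method == "radius" and not state.radius_responding:
            hit.append(mode)
        elif method == "local" and state.local_db_entries.get(mode, 0) == 0:
            hit.append(mode)
    return sorted(hit)

def admit(port, state, passed=()):
    """Decide one terminal's login; `passed` lists modes it really satisfied.
    Assumption: satisfying any one configured mode admits the terminal."""
    ok = sorted(set(passed) & set(port.modes))
    if ok:
        return {"allowed": True, "forced": False, "via": ok, "vlan": None}
    forced = forced_modes(port, state)
    vlan = None  # None: fixed VLAN mode, or VLAN set by the normal auth result
    if forced and port.dynamic_vlan:
        vlan = port.force_vlan if port.force_vlan is not None else port.native_vlan
    return {"allowed": bool(forced), "forced": bool(forced), "via": forced, "vlan": vlan}

if __name__ == "__main__":
    port = Port({"web": "local", "mac": "radius"}, force_authorized=True)
    print(admit(port, State(radius_responding=False, local_db_entries={"web": 5})))
```

Run against each planned port with the RADIUS server marked unreachable and with empty local databases to list where unauthenticated terminals would be admitted and on which VLAN they would land.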