Two-step authentication – Allied Telesis AlliedWare Plus Operating System Version 5.4.4C (x310-26FT,x310-26FP,x310-50FT,x310-50FP) User Manual

Authentication Introduction and Configuration

Software Reference for x310 Series Switches

C613-50046-01 REV A

AlliedWare Plus

TM

Operating System - Version 5.4.4C

42.21

Two-step Authentication

The single step authentication methods (either user or device authentication) have a
potential security risk:

■

an unauthorized user can access the network with an authorized device, or

■

an authorized user can access the network with an unauthorized device

Two-step authentication solves this problem by authenticating both the user and the
device. The supplicant will only become authenticated if both these steps are successful. If
the first authentication step fails, then the second step is not started.

The following authentication sequences are supported for two-step authentication:

MAC Authentication followed by 802.1X Authentication

MAC Authentication followed by Web Authentication

802.1X Authentication followed by Web Authentication.

To configure two-step authentication:

1.

Configure the first authentication method.

2.

Configure the second authentication method.

3.

Specify the command

auth two-step enable

.

4.

Make sure that both authentication steps require different authentication credentials.
See

“Ensuring Authentication Methods Require Different Usernames and

Passwords” on page 42.22

.

For more information and examples, see the “Two-step authentication” section in the

Alliedware Plus Technical Tips and Tricks.