9 security, 1 port access control – Asus GigaX3112 User Manual

53

GigaX3112 Series Layer 3 Managed Switch

Once the filter set is attached to the ingress ports, it will filter the packets

according to the ingress port and the packet fields in the rules. For example, a

set with a single rule to filter out destination MAC address 00:10:20:30:40:50

is attached to ingress port 3. A packet with destination MAC 00:10:20:30:40:50

from port 3 is not permitted.

Figure 59. Filter attach (GigaX 3112F)

4.9 Security

The switch supports the 802.1x port-based security feature. Only authorized

hosts are allowed to access the switch port. Traffic will be blocked from

unauthenticated host. Authentication can be provided via a RADIUS server or

the local database in the switch.
The switch also supports dynamic VALN assignment through 802.1x

authentication process. The VLAN information for the users/ports should be

configured in the authentication server properly before enabling this feature.

4.9.1 Port Access Control

Port Access Control is used to configure various 802.1x parameters. 802.1x

uses either RADIUS server or local database to authenticate port users.
The first part is the Bridge (Global) settings:

Sys-Auth-Control: checks it to enable the authentication
Authentication Method: RADIUS or Local database can be used to

authenticate the port user.

The second part is the port settings. Please click when youʼre done with the

modifications:

Port: Specify which port to configure from port list window.
Multi-host: If enabled, ALL hosts connected to the selected port are allowed

to use the port if ONE of the hosts passed the authentication. If disabled,

only ONE host is allowed to use the port.