9 security, 1 port access control – Asus GigaX3112 User Manual
Page 66
53
GigaX3112 Series Layer 3 Managed Switch
Once the filter set is attached to the ingress ports, it will filter the packets
according to the ingress port and the packet fields in the rules. For example, a
set with a single rule to filter out destination MAC address 00:10:20:30:40:50
is attached to ingress port 3. A packet with destination MAC 00:10:20:30:40:50
from port 3 is not permitted.
Figure 59. Filter attach (GigaX 3112F)
4.9 Security
The switch supports the 802.1x port-based security feature. Only authorized
hosts are allowed to access the switch port. Traffic will be blocked from
unauthenticated host. Authentication can be provided via a RADIUS server or
the local database in the switch.
The switch also supports dynamic VALN assignment through 802.1x
authentication process. The VLAN information for the users/ports should be
configured in the authentication server properly before enabling this feature.
4.9.1 Port Access Control
Port Access Control is used to configure various 802.1x parameters. 802.1x
uses either RADIUS server or local database to authenticate port users.
The first part is the Bridge (Global) settings:
Sys-Auth-Control: checks it to enable the authentication
Authentication Method: RADIUS or Local database can be used to
authenticate the port user.
The second part is the port settings. Please click when youʼre done with the
modifications:
Port: Specify which port to configure from port list window.
Multi-host: If enabled, ALL hosts connected to the selected port are allowed
to use the port if ONE of the hosts passed the authentication. If disabled,
only ONE host is allowed to use the port.