LevelOne GSW-4876 User Manual
Page 96

CHAPTER 4 | Configuring the Switch
Configuring Security
MAC-based authentication has two advantages over port-based
802.1X: several clients can be connected to the same port
(e.g. through a third-party switch or a hub) and still be required to
authenticate individually, and the clients don't need special
supplicant software to authenticate. The disadvantage is that MAC
addresses can be spoofed by malicious users: equipment whose MAC
address is a valid RADIUS user can be used by anyone. Also, only the
MD5-Challenge method is supported. The maximum number of clients
that can be attached to a port can be limited using the Port Security
Limit Control functionality.
Further Guidelines for Port Admin State
■ Port Admin state can only be set to Force-Authorized for ports
  participating in the Spanning Tree algorithm (see
■ When 802.1X authentication is enabled on a port, the MAC address
  learning function for this interface is disabled, and the addresses
  dynamically learned on this port are removed from the common
  address table.
■ Authenticated MAC addresses are stored as dynamic entries in the
  switch's secure MAC address table. Configured static MAC addresses
  are added to the secure address table when seen on a switch port
  (see ). Static addresses are treated as authenticated
  without sending a request to a RADIUS server.
■ When port status changes to down, all MAC addresses are cleared
  from the secure MAC address table. Static VLAN assignments are
  not restored.
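Added example, not part of the manual: since a cloned MAC address passes MAC-based authentication, one defensive check is to replay authentication events and flag a MAC that is authorized on a second port while still active on another, along with ports holding more clients than the configured limit. The event tuple layout, the `audit` function and the sample data are assumptions constructed for illustration; the switch's actual log format is not shown on this page.

```python
from collections import defaultdict

# Constructed sample events (not real switch output). Each tuple is
# (seconds, port, event, mac); event is "auth" (MAC authorized via RADIUS)
# or "link_down" (port lost link, mac is None).
EVENTS = [
    (10, 1, "auth", "00-11-22-33-44-55"),
    (12, 1, "auth", "00-11-22-33-44-66"),
    (20, 2, "auth", "00-11-22-33-44-77"),
    (30, 3, "auth", "00-11-22-33-44-55"),  # same MAC, still active on port 1
    (40, 1, "link_down", None),
    (50, 2, "auth", "00-11-22-33-44-66"),  # port 1 cleared at t=40: a move, not a clone
    (60, 2, "auth", "00-11-22-33-44-88"),  # third client on port 2
]

def audit(events, limit_per_port=2):
    """Replay events in time order; return (duplicate_findings, limit_findings)."""
    table = defaultdict(set)      # port -> MACs currently authorized on that port
    duplicates, over_limit = [], []
    for ts, port, event, mac in sorted(events, key=lambda e: e[0]):
        if event == "link_down":
            # Link down clears that port's entries in the secure MAC table.
            table[port].clear()
            continue
        mac = mac.lower().replace(":", "-")   # normalize case and separator
        others = sorted(p for p, macs in table.items() if p != port and mac in macs)
        if others:
            duplicates.append((ts, mac, port, others))
        table[port].add(mac)
        if len(table[port]) > limit_per_port:
            over_limit.append((ts, port, len(table[port])))
    return duplicates, over_limit

if __name__ == "__main__":
    dups, limits = audit(EVENTS)
    for ts, mac, port, others in dups:
        print(f"t={ts}: {mac} authorized on port {port} while active on {others}")
    for ts, port, count in limits:
        print(f"t={ts}: port {port} holds {count} authorized MACs (limit exceeded)")
```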
◆ RADIUS-Assigned QoS Enabled - Enables or disables this feature for
  a given port. Refer to the description of this feature under the System
  Configuration section.
◆ RADIUS-Assigned VLAN Enabled - Enables or disables this feature
  for a given port. Refer to the description of this feature under the
  System Configuration section.
◆ Guest VLAN Enabled - Enables or disables this feature for a given
  port. Refer to the description of this feature under the System
  Configuration section.
◆ Port State - The current state of the port:
  ■ Globally Disabled - 802.1X and MAC-based authentication are
    globally disabled. (This is the default state.)
  ■ Link Down - 802.1X or MAC-based authentication is enabled, but
    there is no link on the port.
  ■ Authorized - The port is in Force Authorized mode, or a
    single-supplicant mode and the supplicant is authorized.