beautypg.com

The 802.1x implementation – Allied Telesis AlliedWare Plus Operating System Version 5.4.4C (x310-26FT,x310-26FP,x310-50FT,x310-50FP) User Manual

Page 1064

background image

802.1X Introduction and Configuration

Software Reference for x310 Series Switches

40.6

AlliedWare Plus

TM

Operating System - Version 5.4.4C

C613-50046-01 REV A

The 802.1X Implementation

802.1X port access control is achieved by making devices attached to a controlled port
authenticate themselves via communication with an authentication server before these
devices are allowed to access the network behind the controlled port.

Authentication is required on a per-port basis. The main components of an 802.1X
implementation are:

the authenticator - the port on this device that wishes to enforce authentication
before allowing access to services that are accessible behind it.

the supplicant - the port that wishes to access services offered by the authenticator’s
system. The supplicant may be a port on a PC or other device connected to this
device.

the authentication server - a device that uses the authentication credentials supplied
by the supplicant, via the authenticator, to determine if the authenticator should
grant access to its services.

To configure the switch operating as authenticator, follow the instructions below:

1. Configure a RADIUS server for the switch to send requests to

2. Instruct 802.1X to use the configured RADIUS server

3. Configure port1.0.5 for 802.1X authentication

awplus(config)#

radius-server host 192.168.1.250 key
<secret-key>

awplus(config)#

aaa authentication dot1x default group radius

awplus(config)#

interface port1.0.5

awplus(config-if)#

dot1x port-control auto

awplus(config-if)#

spanning-tree portfast

Switch

RADIUS

Server

Supplicant

Authenticator

Authentication Server

192.168.1.250

192.168.1.45

port1.0.5