Roaming authentication – Allied Telesis AlliedWare Plus Operating System Version 5.4.4C (x310-26FT,x310-26FP,x310-50FT,x310-50FP) User Manual

Authentication Introduction and Configuration

Software Reference for x310 Series Switches

C613-50046-01 REV A

AlliedWare Plus

TM

Operating System - Version 5.4.4C

42.23

Roaming Authentication

When network security is required, the usability of network security must be considered.
The Roaming Authentication feature improves the usability of network security by
enabling users to move within the network without requiring them to re-authenticate
each time they move.

If a supplicant (client device) moves from one wireless access point to another wireless
access point, and the wireless access points are connected to different ports, then the
switch (authenticator) recognizes that the supplicant has been authenticated and accepts
the supplicant without requiring re-authentication.

Figure 42-1: Diagram showing Roaming Authentication running on a standalone
switch

Web-authentication and MAC-authentication are the authentication methods in a
Wireless LAN environment, and 802.1X is the authentication method used for supplicants
attached to edge switches.

Roaming Authentication is normally enabled using the

auth roaming enable command

on page 43.17

command. However, Roaming Authentication has been extended (with the

auth roaming disconnected command on page 43.15

) to work where an interface is link

down. This allows you to enable supplicants to move from authenticated interfaces that
are link down, without requiring re-authentication.

Roaming Authentication is available for use with the VCStack feature, and is available on
static and dynamic (LACP) channel group interfaces.