Operational settings for authenticator ports 5, Operational settings for authenticator ports – Allied Telesis AT-FS970M Series User Manual

AT-FS970M Switch Command Line User’s Guide

1045

Operational Settings for Authenticator Ports

An authenticator port can have one of three possible operational settings:



Auto - Activates port-based authentication. The port begins in the
unauthorized state, forwarding only EAPOL frames and discarding
all other traffic. The authentication process begins when the link
state of the port changes or the port receives an EAPOL-Start
packet from a supplicant. The switch requests the identity of the
supplicant and begins relaying authentication messages between
the supplicant and the RADIUS authentication server. After the
supplicant is validated by the RADIUS server, the port begins
forwarding all traffic to and from the supplicant.



Force-authorized - Automatically places the port in the authorized
state without any authentication exchange required. The port
transmits and receives normal traffic without authenticating the
supplicant.



Force-unauthorized - Causes the port to remain in the
unauthorized state, ignoring all attempts by the supplicant to
authenticate. The port forwards EAPOL frames, but discards all
other traffic. This setting is analogous to disabling a port.

As mentioned earlier, the switch itself does not authenticate supplicants.
That function is performed by the authentication server and the RADIUS
server software. The switch acts as an intermediary for the authentication
server by denying access to the network by the supplicant until the
supplicant has been validated by the authentication server.