
Configuring authenticator ports, Designating authenticator ports, Designating the authentication methods – Allied Telesis AT-9000 Series User Manual


Chapter 60: 802.1x Port-based Network Access Control

882

Configuring Authenticator Ports

Designating Authenticator Ports

You have to designate ports as authenticator ports before you can
configure their settings. There are three DOT1X PORT-CONTROL
commands for designating authenticator ports. The command you use is
determined by whether or not the switch is part of an active network.

If the switch is not part of an active network or is not forwarding traffic, you
can use the DOT1X PORT-CONTROL AUTO command to designate the
authenticator ports. This command designates ports such that they
immediately begin to function as authenticator ports, blocking all traffic
until supplicants log on to the RADIUS server. This example of the
command configures ports 1 and 5 to immediately commence functioning
as authenticator ports.

awplus> enable
awplus# configure terminal
awplus(config)# interface port1.0.1,port1.0.5
awplus(config-if)# dot1x port-control auto

Using the DOT1X PORT-CONTROL AUTO command when the switch is
part of a live network interrupts network operations because the
designated ports stop forwarding traffic until the clients log on. If your
switch is part of an active network, the DOT1X PORT-CONTROL
FORCE-AUTHORIZED command would probably be more appropriate because
the authenticator ports continue forwarding packets without any
authentication. This example of the command designates port 16 as an
authenticator port that is to continue to forward packets:

awplus> enable
awplus# configure terminal
awplus(config)# interface port1.0.16
awplus(config-if)# dot1x port-control force-authorized
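
Ports left in the FORCE-AUTHORIZED state forward traffic without authentication, so they are worth listing once a rollout is finished. The following Python script is an added example, not part of the manual: it reads a CLI transcript in the form shown in the examples above and reports the last DOT1X PORT-CONTROL setting applied to each port. The function names and the third session in the sample are constructed for illustration.

```python
import re

# Prompt as shown in the manual's examples: awplus>, awplus#, awplus(config)#, ...
PROMPT = re.compile(r"^\s*awplus(?:\(([\w-]+)\))?\s*[>#]\s*(.*)$")
IFACE = re.compile(r"interface\s+(\S+)\s*$", re.I)
CONTROL = re.compile(r"dot1x\s+port-control\s+(\S+)\s*$", re.I)

# Sessions 1 and 2 are the manual's examples; session 3 is constructed.
SAMPLE = """
awplus> enable
awplus# configure terminal
awplus(config)# interface port1.0.1,port1.0.5
awplus(config-if)# dot1x port-control auto
awplus> enable
awplus# configure terminal
awplus(config)# interface port1.0.16
awplus(config-if)# dot1x port-control force-authorized
awplus> enable
awplus# configure terminal
awplus(config)# interface port1.0.5
awplus(config-if)# dot1x port-control force-authorized
"""

def port_control_modes(transcript):
    """Map each port to the last dot1x port-control mode applied to it."""
    modes, current = {}, []
    for raw in transcript.splitlines():
        m = PROMPT.match(raw)
        if not m:
            continue  # blank lines and command output carry no prompt
        mode, cmd = m.group(1), m.group(2).strip()
        iface, ctl = IFACE.match(cmd), CONTROL.match(cmd)
        if mode == "config" and iface:
            # Comma-separated port list, as in "interface port1.0.1,port1.0.5"
            current = [p for p in iface.group(1).split(",") if p]
        elif mode == "config-if" and ctl:
            for port in current:
                modes[port] = ctl.group(1).lower()
        elif mode != "config-if":
            current = []  # left interface mode, so no port is selected
    return modes

def unauthenticated_ports(modes):
    """Ports still forwarding without authentication, in numeric port order."""
    flagged = [p for p, mode in modes.items() if mode == "force-authorized"]
    return sorted(flagged, key=lambda p: [int(n) for n in re.findall(r"\d+", p)])

if __name__ == "__main__":
    for port in unauthenticated_ports(port_control_modes(SAMPLE)):
        print(f"{port}: force-authorized (forwarding without authentication)")
```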

Designating the Authentication Methods

After designating a port as an authenticator port, you have to designate its
authentication method. The authentication method of a port can be either
an 802.1x username and password combination or MAC address. The
methods are explained in “Authentication Methods for Authenticator Ports”
on page 867.

You do not have to enter any command to set a port to 802.1x username
and password authentication because that is the default setting. But to
configure a port to the MAC address authentication method, you use the
AUTH-MAC ENABLE command. This example configures port 16 as an
authenticator port that uses the MAC address authentication method: