Port access control, Overview – Allied Telesis AT-GS950/8 User Manual
Page 244
Chapter 18: Security
Port Access Control
This section contains information and configuration procedures for
Port-based Access Control. It includes the following sections:
- “Port Access Control Configuration” on page 245
Note
After configuring the Port-based Network Access Control, you can
choose to use either the local authentication server in the AT-S107
for 802.1x authentication or a remote RADIUS server for 802.1x
authentication. See “Dial-in User - Local Authentication” on
page 252 or “RADIUS Client” on page 249.
Overview
Port-based Network Access Control (IEEE 802.1x) is used to control who
can send traffic through and receive traffic from a switch port. With this
feature, the switch does not allow an end node to send or receive traffic
through a port until the user of the node logs on by entering a user name
and password.
This feature can prevent an unauthorized individual from connecting a
computer to a port or using an unattended workstation to access your
network resources. Only those users to whom you have assigned a user
name and password are able to use the switch to access the network.
This feature can be used with one of two authentication methods:
- The RADIUS authentication protocol requires that a remote
  RADIUS server is present on your network. The RADIUS server
  performs the authentication of the user name and password
  combinations. See “Port Access Control Configuration” on
  page 245 and “RADIUS Client” on page 249 for more information.
- The Dial-in User (local) authentication method allows you to set up
  the authentication parameters internally in the switch without an
  external server. In this case, the user name and password
  combinations are entered in the associated with an optional VLAN
  when they are defined. Based on these entries, the authentication
  process is done locally by the AT-S107 using a standard EAPOL
  transaction.
Note
RADIUS with Extensible Authentication Protocol (EAP) extensions
is the only supported authentication server for this feature.
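The port gating described in the Overview, as an added Python example (not taken from the manual or the AT-S107 software): a simplified model of a controlled port that drops data frames until an EAP-Success is issued from the switch side, and closes again on EAPOL-Logoff or EAP-Failure. The class, helper names and sample frames are constructed for illustration; the EtherType 0x888E and the EAPOL packet-type and EAP code values are the standard IEEE 802.1X and EAP ones.

```python
import struct

EAPOL_ETHERTYPE = 0x888E                      # EtherType for EAP over LAN
EAPOL_TYPES = {0: "EAP-Packet", 1: "Start", 2: "Logoff", 3: "Key"}
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}

def parse_frame(frame: bytes):
    """Return (eapol_type, eap_code); both None for a non-EAPOL frame."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    if struct.unpack("!H", frame[12:14])[0] != EAPOL_ETHERTYPE:
        return None, None
    if len(frame) < 18:
        raise ValueError("truncated EAPOL header")
    _version, ptype, body_len = struct.unpack("!BBH", frame[14:18])
    body = frame[18:18 + body_len]
    if len(body) < body_len or (ptype == 0 and body_len < 4):
        raise ValueError("EAPOL/EAP body shorter than declared")
    code = EAP_CODES.get(body[0]) if ptype == 0 else None
    return EAPOL_TYPES.get(ptype, "Unknown"), code

class ControlledPort:
    """Hypothetical model of one 802.1x-controlled switch port."""
    def __init__(self):
        self.authorized = False
    def handle(self, frame: bytes, from_switch: bool = False) -> str:
        try:
            eapol_type, code = parse_frame(frame)
        except ValueError:
            return "drop"                    # malformed frames never pass
        if eapol_type is None:               # ordinary data traffic
            return "forward" if self.authorized else "drop"
        if from_switch and code == "Success":
            self.authorized = True           # only the switch's verdict opens the port
        elif (from_switch and code == "Failure") or (not from_switch and eapol_type == "Logoff"):
            self.authorized = False
        return "eapol"                       # handed to the authenticator, not forwarded

def ether(ethertype, payload=b""):           # constructed sample frames
    return bytes.fromhex("0180c2000003" "020000000001") + struct.pack("!H", ethertype) + payload

def eapol(ptype, body=b""):
    return ether(EAPOL_ETHERTYPE, struct.pack("!BBH", 1, ptype, len(body)) + body)

def demo():
    port, data, success = ControlledPort(), ether(0x0800, b"ip"), eapol(0, struct.pack("!BBH", 3, 1, 4))
    return [port.handle(data), port.handle(eapol(1)), port.handle(success),
            port.handle(data), port.handle(success, from_switch=True),
            port.handle(data), port.handle(eapol(2)), port.handle(data)]
```

In `demo()`, the third frame is an EAP-Success sent by the end node itself; the model ignores it, so the port stays closed until the same message is issued from the switch side.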