
General Steps, Network Access Control Guidelines – Allied Telesis AT 8000/8POE User Manual

Page 180


Chapter 13: 802.1x Network Access Control


Section I: Using the Menus Interface

As mentioned earlier, the switch itself does not authenticate the user
names and passwords from the clients. That is the responsibility of the
authentication server, which contains the RADIUS server software.
Instead, the switch acts as an intermediary for the authentication server:
it denies the client access to the network until the client has provided a
valid username and password, which the authentication server validates.

General Steps

The general steps for implementing 802.1x Network Access Control are as
follows:

1. You must install RADIUS server software on one or more of your
   network servers or management stations. Authentication protocol
   server software is not available from Allied Telesis.

2. You need to install 802.1x client software on those workstations that
   are to be supplicants.

3. You must configure and activate the RADIUS client software in the
   AT-S81 management software. The default setting for the
   authentication protocol is disabled. You will need to provide the
   following information:

   The IP address of a RADIUS server.

   The encryption key used by the authentication server.

   For instructions, refer to Chapter 14, “RADIUS Authentication
   Protocol” on page 189.

4. You must configure the authenticator port settings, as explained in
   “Configuring 802.1x Network Access Control” on page 183 in this
   chapter.

Network Access Control Guidelines

Following are the guidelines for using this feature:

Ports set to Auto do not support port trunking or
dynamic MAC address learning.

The appropriate setting for a port on an AT-8000/8POE
Fast Ethernet Switch connected to an authentication
server is Force-authorized, the default setting. This is
because an authentication server cannot authenticate
itself.

The authentication server must be a member of the
Default VLAN by communicating with the switch
through a port that is an untagged member of the
Default VLAN.

Allied Telesis does not support connecting more than
one supplicant to an authenticator port on the switch.
The switch allows only one supplicant to log on per
port.