Allied Telesis AT-S94 User Manual
Page 73
Configuring Device Security
Configuring Network Security
Page 73
The Port Authentication Settings Page contains the following port authentication parameters:
•
Port — Displays a list of interfaces on which port-based authentication is enabled.
•
User Name — Displays the supplicant user name.
•
Admin Port Control — Indicates the port state. The possible field values are:
•
Admin Port Control — Indicates the port state. The possible field values are:
–
Auto —Enables port-based authentication on the device. The interface moves between an authorized or
unauthorized state based on the authentication exchange between the device and the client.
–
ForceAuthorized — Indicates the interface is in an authorized state without being authenticated. The
interface re-sends and receives normal traffic without client port-based authentication.
–
ForceUnauthorized — Denies the selected interface system access by moving the interface into
unauthorized state. The device cannot provide authentication services to the client through the interface.
•
Current Port Control — Displays the current port authorization state. The possible field values are:
–
Authorized — Indicates the interface is in an authorized state.
–
Unauthorized — Denies the selected interface system access.
•
Action on Violation — Indicates the intruder action defined for the port. Indicates the action to be applied to
packets arriving on a locked port. The possible values are: The possible field values are:
–
Forward — Enables the forwarding of frames with source addresses that are not the supplicant’s
address, while not learning the source addresses.
–
Discard — Enables the discarding of frames with source addresses that are not the supplicant’s
address. This is the default value.
–
Shutdown — The port is shut down and enables the discarding of frames with source addresses that are
not the supplicant’s address.
•
Violation Notification — Indicates if the SNMP trap generated if there is a violation. The possible field
values are:
–
Enable — A notification is sent.
–
Disable — A notification is not sent.
•
Violation Notification Frequency — Enter the frequency to send notifications.
•
Enable Guest VLAN — Indicates if the Guest VLAN is enabled. The possible field values are:
–
Checked — Enables the Guest VLAN.
–
Unchecked — Disables the Guest VLAN. This is the default value.
•
Authentication Method — Defines the user authentication methods. MAC authentication ensures that end-
user stations meet security policies criteria, and protects networks from viruses. The possible values are:
–
802.1X Only – Enables only 802.1X authentication on the device.
–
MAC Only — Enables only MAC authentication on the device.
–
MAC + 802.1X – Enables MAC Authentication + 802.1X authentication on the device. In case of MAC+
802.1x, 802.1x takes precedence.
•
Enable Dynamic VLAN Assignment — Enables automatically assigning users to VLANs during RADIUS
server authentication. When a user is authenticated by the RADIUS server, the user is automatically joined to
the VLAN that is defined in the RADIUS server. The VLANs that cannot participate in DVA are:
–
An Unauthenticated VLAN.
–
A Dynamic VLAN that was created by GVRP.
–
A Voice VLAN.
–
A Default VLAN
–
A Guest VLAN: