Overview – Allied Telesis AT-S106 User Manual

Page 166

Chapter 14: 802.1x Port-based Network Access Control

Overview

802.1x Port-based Network Access Control (IEEE 802.1x) is used to
control who can send traffic through and receive traffic from a switch port.
With this feature, the switch does not allow an end node to send or receive
traffic through a port until the user of the node logs on by entering a user
name and password.

This feature can prevent an unauthorized individual from connecting a
computer to a port or using an unattended workstation to access your
network resources. Only those users to whom you have assigned a user
name and password are able to use the switch to access the network.

This feature can be used with one of two authentication methods:

• The RADIUS authentication protocol requires that a remote
RADIUS server is present on your network. The RADIUS server
performs the authentication of the user name and password
combinations. See “Configuring 802.1x Port-based Network
Access Control” on page 173.

Note

RADIUS with Extensible Authentication Protocol (EAP) extensions
is the only supported authentication server for this feature.

• The Dial-in User (local) authentication method allows you to set up
the authentication parameters internally in the switch without an
external server. In this case, the user name and password
combinations are entered in the associated with an optional VLAN
when they are defined. Based on these entries in the AT-S106
Management software configuration, the authentication process is
done locally by the AT-S106 Management software using a
standard EAPOL transaction.
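
The port gating and the local (Dial-in User) method described above can be pictured with a simplified model. This is an added example, not AT-S106 code: the user table, class and function names are assumptions, and the EAP credential exchange is reduced to a single logon call.

```python
import hmac
import struct

ETHERTYPE_EAPOL = 0x888E  # EtherType assigned to EAPOL (IEEE 802.1X)
EAPOL_LOGOFF = 2          # EAPOL packet type: supplicant logs off

# Constructed local user table: name -> (password, optional VLAN ID).
LOCAL_USERS = {"alice": ("correct-horse", 20), "bob": ("s3cret", None)}


def local_auth_server(user, password):
    """Stand-in for the authentication server role (local method).
    Returns (accepted, vlan)."""
    entry = LOCAL_USERS.get(user)
    if entry is None:
        return False, None
    ok = hmac.compare_digest(entry[0].encode(), password.encode())
    return ok, entry[1] if ok else None


class AuthenticatorPort:
    """Switch port in the authenticator role: closed until logon succeeds."""

    def __init__(self, auth_server):
        self.auth_server = auth_server
        self.authorized = False
        self.vlan = None

    def logon(self, user, password):
        # Abstracts the EAP exchange that carries the credentials.
        self.authorized, self.vlan = self.auth_server(user, password)
        return self.authorized

    def receive(self, frame):
        """Return 'eapol', 'forward' or 'drop' for one Ethernet frame."""
        if len(frame) < 14:
            return "drop"
        (ethertype,) = struct.unpack("!H", frame[12:14])
        if ethertype == ETHERTYPE_EAPOL:
            # EAPOL header: version (1 byte), type (1 byte), length (2 bytes).
            if len(frame) >= 18 and frame[15] == EAPOL_LOGOFF:
                self.authorized, self.vlan = False, None
            return "eapol"
        return "forward" if self.authorized else "drop"


def make_frame(ethertype, payload=b""):
    """Build a constructed Ethernet frame with placeholder MAC addresses."""
    dst, src = bytes(6), bytes.fromhex("020000000001")
    return dst + src + struct.pack("!H", ethertype) + payload
```

Until `logon` succeeds, the port accepts only EAPOL frames; an EAPOL-Logoff returns it to the unauthorized state and clears the VLAN.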

Following are several terms to keep in mind when using this feature.

• Supplicant - A supplicant is an end user or end node that wants to
access the network through a switch port. A supplicant is also referred
to as a client.

• Authenticator - The authenticator is a port on the switch that prohibits
network access by a supplicant until the network user has entered a
valid user name and password.

• Authentication server - The authentication server is the network device
that performs the authentication. This function may be performed by a
remote RADIUS server or locally by the AT-S106 Management
software. Whether the switch is configured to use a remote or local