Figure 49: example of the authenticator role – Allied Telesis AT-S101 User Manual

Chapter 14: 802.1x Port-based Network Access Control

160

ˆ

Force-unauthorized - Places the port in the unauthorized state,
ignoring all attempts by the client to authenticate. This port control
setting blocks all users from accessing the network through the port
and is similar to disabling a port and can be used to secure a port from
use. The port continues to forward EAPOL packets, but discards all
other packets, including multicast and broadcast packets.

ˆ

Force-authorized - Disables IEEE 802.1x port-based authentication
and causes the port to transition to the authorized state without any
authentication exchange required. The port transmits and receives
normal traffic without 802.1x-based authentication of the client. This is
the default setting. Use this port control setting for those ports that are
connected to network devices that are not to be authenticated.

Figure 49 illustrates the concept of the authenticator port control settings.

Figure 49. Example of the Authenticator Role

ˆ

Port 2 is set to Auto. The end node connected to the port must use its
802.1x client software and provide a username and password to send
or receive traffic from the switch.

ˆ

Port 7 is set to the Force-authorized setting so that the end node
connected to the port does not have to provide a user name or
password to send or receive traffic from the switch. In the example, the

1370

AT-GS950/8POE

8 Port 10/100/1000Mbps + 2 SFP Combo WebSmart Switch

SFP

SFP

CLASS 1

LASER PRODUCT

1

2

3

4

5

6

7R

7

8

8R

POWER

RESET

1

2

3

4

5

6

7R

8R

7

8

POE

100/1000Base-X

PORT ACTIVITY

ACT

1000 LINK

100 LINK

ACT

ACT

SFP

Port 7
802.1x Port Control:
Setting: Force-authorized

RADIUS
Authentication
Server

Port 8
802.1x Port Control:
Setting: Force-unauthorized

Port 2
802.1x Port Control
Setting: Auto

Supplicant with
802.1x Client
Software