
General steps, Port-based network access control guidelines – Allied Telesis AT-S101 User Manual


AT-S101 Management Software User’s Guide


node is the RADIUS authentication server. Since the server cannot
authenticate itself, its port must be set to Force-authorized in order for
it to pass traffic through the port.

- Port 8 is set to Force-unauthorized to prevent anyone from using
  the port.

As mentioned earlier, the switch does not authenticate the user names
and passwords from the clients. That is the responsibility of the
authentication server, which contains the RADIUS server software.
Instead, a switch acts as an intermediary for the authentication server by
denying access to the network by the client until the client has provided a
valid username and password, which the authentication server validates.

General Steps

Following are the general steps to implementing 802.1x Port-based
Network Access Control:

1. You must install RADIUS server software on one or more of your
   network servers or management stations. Authentication protocol
   server software is not available from Allied Telesis. Consult the
   vendor’s documentation for server installation instructions.

2. Install 802.1x client software on those workstations that will act as
   supplicants.

3. You must configure and activate the RADIUS client software in the
   AT-S101 Management Software. The default setting for the
   authentication protocol is disabled. You need to provide the following
   information:

   - The IP address of a RADIUS server.
   - The encryption key used by the authentication server.

   For instructions, refer to Chapter 18, “RADIUS Authentication Protocol”
   on page 207.

4. Configure the authenticator port settings, as explained in “Configuring
   802.1x Port-based Network Access Control” on page 165 in this
   chapter.

Port-based Network Access Control Guidelines

Following are the guidelines for using this feature:

- Ports set to Auto do not support port trunking or dynamic MAC address
  learning.

- The appropriate setting for a port on an AT-GS950/8POE switch
  connected to an authentication server is Force-authorized, the default
  setting. This is because an authentication server cannot authenticate
  itself.
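
The guidelines above can be checked against a planned port layout before anything is configured on the switch. The following Python code is an added example, not part of the Allied Telesis manual; the plan format, the role labels and the `lint_plan` name are assumptions made for illustration and are not AT-S101 syntax.

```python
# Added example: lint a planned 802.1x port layout against the guidelines above.
# The plan format, role labels and field names are assumptions, not AT-S101 syntax.
from dataclasses import dataclass

AUTO, FORCE_AUTH, FORCE_UNAUTH = "auto", "force-authorized", "force-unauthorized"

@dataclass
class Port:
    number: int
    control: str                 # 802.1x port control setting
    role: str = "client"         # hypothetical labels: client, radius-server, unused
    trunk_member: bool = False
    dynamic_mac_learning: bool = False

def lint_plan(ports):
    """Return (port number, message) findings for a list of Port entries."""
    findings = []
    for p in ports:
        if p.control not in (AUTO, FORCE_AUTH, FORCE_UNAUTH):
            findings.append((p.number, f"unknown port control {p.control!r}"))
            continue
        if p.control == AUTO:
            # Guideline: Auto ports support neither trunking nor dynamic MAC learning.
            if p.trunk_member:
                findings.append((p.number, "Auto port is a trunk member"))
            if p.dynamic_mac_learning:
                findings.append((p.number, "Auto port uses dynamic MAC learning"))
        if p.role == "radius-server" and p.control != FORCE_AUTH:
            # The server cannot authenticate itself, so its port must pass traffic.
            findings.append((p.number, "RADIUS server port is not Force-authorized"))
        if p.role == "client" and p.control == FORCE_AUTH:
            # Force-authorized is the default; a client port left there skips 802.1x.
            findings.append((p.number, "client port bypasses authentication"))
        if p.role == "unused" and p.control != FORCE_UNAUTH:
            findings.append((p.number, "unused port is not Force-unauthorized"))
    return findings

# Constructed sample plan for an 8-port switch (not taken from the manual).
SAMPLE_PLAN = [
    Port(1, AUTO),
    Port(2, AUTO, trunk_member=True),
    Port(3, FORCE_AUTH),
    Port(7, AUTO, role="radius-server"),
    Port(8, FORCE_UNAUTH, role="unused"),
]

if __name__ == "__main__":
    for number, message in lint_plan(SAMPLE_PLAN):
        print(f"port {number}: {message}")
```

Because Force-authorized is the default setting, the check on client ports is the one most likely to catch a port that was never switched to Auto.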