At-9400 switch (b) – Allied Telesis AT-S63 User Manual

Chapter 31: 802.1x Port-based Network Access Control

Section VIII: Port Security

If the clients are connected to an 802.1x-compliant device, such as
another AT-9400 Switch, you can automate the initial log on and
reauthentications by configuring one of the switch ports as a supplicant.
The log on and reauthentications are then performed automatically, so
you no longer need to rely on an individual to perform the task. This
scenario is illustrated in Figure 42.

Figure 42. Single Operating Mode with Multiple Clients Using the Piggy-back Feature - Example 2

None of the workstations connected to switch B need to be authenticated
or require 802.1x client software when accessing switch A because the log
on to switch A and the subsequent reauthentications are performed
automatically by the supplicant port on switch B, which is connected to an
authenticator port on switch A with piggy-back mode enabled. It should be
noted, however, that in this particular scenario the clients have full access
to the resources of switch B even if the switch fails to log on or
reauthenticate to switch A.
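
The behaviour described above, as a simplified Python model added here for illustration (it is not Allied Telesis code or AT-S63 command syntax). The MAC addresses are constructed, and the model assumes that with piggy-back mode disabled a Single-mode authenticator port forwards only the supplicant that logged on.

```python
# Simplified model of the Figure 42 scenario: port 6 on switch A is an
# authenticator in Single operating mode; port 11 on switch B is the supplicant.
from dataclasses import dataclass
from typing import Dict, Optional, Set

SWITCH_B_PORT11 = "00:00:5e:00:53:0b"               # constructed MAC
CLIENTS = ["00:00:5e:00:53:01", "00:00:5e:00:53:02"]  # constructed MACs


@dataclass
class AuthenticatorPort:
    piggy_back: bool
    authorized_mac: Optional[str] = None  # supplicant that last logged on

    def logon(self, mac: str, radius_accepts: bool) -> None:
        """Record the outcome of a log on or reauthentication attempt."""
        self.authorized_mac = mac if radius_accepts else None

    def forwards(self, src_mac: str) -> bool:
        """Decide whether a frame from src_mac passes through the port."""
        if self.authorized_mac is None:
            return False              # no successful log on: port is closed
        if self.piggy_back:
            return True               # every source rides on that one log on
        return src_mac == self.authorized_mac  # assumption: only the supplicant


def access_report(piggy_back: bool, radius_accepts: bool) -> Dict[str, Set[str]]:
    """Return which switches each client on switch B can reach."""
    port6 = AuthenticatorPort(piggy_back=piggy_back)
    port6.logon(SWITCH_B_PORT11, radius_accepts)
    report = {}
    for mac in CLIENTS:
        # Client ports on switch B have Role: None, so B is always reachable.
        reach = {"B"}
        if port6.forwards(mac):
            reach.add("A")
        report[mac] = reach
    return report


if __name__ == "__main__":
    for pb, ok in [(True, True), (True, False), (False, True)]:
        print(f"piggy_back={pb} radius_accepts={ok}: {access_report(pb, ok)}")
```

The first case shows the trust boundary: unauthenticated clients reach switch A on the strength of switch B's credentials alone, so physical access to any client port on switch B is equivalent to access to switch A.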

The example in the next figure again illustrates two 802.1x-compliant
switches. The primary difference between this and the previous example
is that the clients in the previous example did not have to log on to access
switch B. In this example the clients have to log on to have any access at
all to the network.

[Figure 42 diagram labels]

AT-9400 Switch (A); RADIUS Authentication Server
Port 6: Role: Authenticator; Operating Mode: Single; Piggy-back Mode: Enabled

AT-9400 Switch (B)
Port 11: Role: Supplicant; Username: sales_switch; Password: wind4411
Client Ports: Role: None (Unauthenticated Clients)