Allied Telesis AT-S63 User Manual
Page 634

Chapter 36: 802.1x Port-based Network Access Control Commands
Section VIII: Port Security
Examples
The following command sets ports 4 to 6 to the authenticator role. The 
authentication method is set to 802.1x, meaning that the supplicants must 
have 802.1x client software and provide a username and password, either 
automatically or manually, when logging on and during reauthentications. 
The operating mode is set to Single and the piggy back mode to disabled. 
With these settings, only one supplicant can use each port. After a 
supplicant logs on, access by any other client to the same port is denied:
set portaccess=8021x port=4-6 role=authenticator mode=single piggyback=disabled
The next command is identical to the previous example, except the 
authentication method is MAC address-based, meaning the authenticator 
ports use the MAC addresses of the supplicants as the usernames and 
passwords. With MAC address-based authentication, an authenticator 
port automatically extracts the MAC address from the initial frames 
received from a supplicant and sends it to the RADIUS server. The 
supplicants do not need 802.1x client software. Again, as in the previous 
example, since the operating mode is Single and the piggy back mode is 
disabled, only one supplicant can use each port:
set portaccess=macbased port=4-6 role=authenticator mode=single piggyback=disabled
Note
The remaining examples are limited to the 802.1x authentication 
method, but apply equally to the MAC address-based authentication 
method.
The following command sets port 12 to the authenticator role and the 
operating mode to Single. The difference between this and the previous 
example is the piggy back mode is enabled. This configuration is 
appropriate when an authenticator port is supporting multiple clients, such 
as when a port is connected to an Ethernet hub, and you do not want to 
give each supplicant a separate username and password combination on 
the RADIUS server. With the piggy back mode enabled, all of the clients 
connected to the port can access it after one supplicant logs on:
set portaccess=8021x port=12 role=authenticator mode=single piggyback=enabled
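The three commands above can be checked offline before they are applied. The following is an added example, not part of the manual or of the AT-S63 software: a small Python audit that parses the commands, expands the port ranges, and reports which ports rely on the MAC address as the credential and which admit every attached client after a single logon. The function names and the handling of comma-separated port lists are assumptions.

```python
import re

# Commands as shown in the manual's examples above.
COMMANDS = [
    "set portaccess=8021x port=4-6 role=authenticator mode=single piggyback=disabled",
    "set portaccess=macbased port=4-6 role=authenticator mode=single piggyback=disabled",
    "set portaccess=8021x port=12 role=authenticator mode=single piggyback=enabled",
]

def expand_ports(spec):
    """Expand '4-6' (or, as an assumption, '1,4-6') into a list of port numbers."""
    ports = []
    for part in spec.split(","):
        if not re.fullmatch(r"\d+(-\d+)?", part):
            raise ValueError("bad port spec: %r" % spec)
        lo, _, hi = part.partition("-")
        ports.extend(range(int(lo), int(hi or lo) + 1))
    return ports

def parse(command):
    """Split 'set key=value ...' into a lowercase dict of options."""
    words = command.lower().split()
    if not words or words[0] != "set":
        raise ValueError("not a set command: %r" % command)
    return dict(w.split("=", 1) for w in words[1:])

def audit(commands):
    """Return {port: [findings]} based on the last settings given for each port."""
    state = {}
    for cmd in commands:
        opts = parse(cmd)
        for port in expand_ports(opts["port"]):
            state.setdefault(port, {}).update(opts)  # a later command overrides an earlier one
    report = {}
    for port, o in sorted(state.items()):
        if o.get("role") != "authenticator":
            continue
        findings = []
        if o.get("portaccess") == "macbased":
            findings.append("credential is the supplicant MAC address taken from its frames")
        if o.get("mode") == "single" and o.get("piggyback") == "enabled":
            findings.append("all clients on the port gain access after one supplicant logs on")
        report[port] = findings
    return report

if __name__ == "__main__":
    for port, findings in audit(COMMANDS).items():
        print(port, findings or ["one authenticated supplicant per port"])
```

Because the second command targets the same ports as the first, ports 4 to 6 are reported with MAC address-based authentication, which is the setting that would be in effect if both were entered in order.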
The following command sets port 22 to the authenticator role and the 
operating mode to Multiple. This configuration is also appropriate where 
there is more than one supplicant on a port. But an authenticator port in 
the Multiple mode requires that all supplicants have their own username 
and password combinations on the RADIUS server and that they log on 
before they can use the authenticator port on the switch:
