Configuring 802.1x access control – Allied Telesis AT-S83 User Manual

Chapter 18: Sample Configurations

368

Configuring 802.1x Access Control

The IEEE 802.1x Access Control specification restricts unauthenticated
devices from connecting to the switch. After authentication is successful,
traffic is permitted through the switch.

In the following configuration example, the RADIUS server keeps the
client information, validating the identity of the client and updating the
switch regarding the authentication of the client. The switch provides the
physical connection between two clients on interface 1 and 2, and the
server, interface 3. The switch requests information from the client and
relays the information to the server. Then the switch relays the information
to the client.

To configure 802.1x authentication, first enable authentication on
interfaces 1 and 2. Then specify the RADIUS server IP address on
interface 3. Perform the following procedure to configure 802.1x Access
Control on the switch:

1. Enter the Configuration Terminal mode:

switch# configure terminal

2. Enable authentication globally on the switch:

switch(config)# dot1x system-auth-ctrl

3. Enter the Interface mode and configure interface 1:

switch(config)#interface xe1

4. Enable authentication with RADIUS on interface 1:

switch(config-if)# dot1x port-control auto

5. Configure interface 2:

switch(config-if)#interface xe2

6. Enables authentication with RADIUS on interface 2.

switch(config-if)# dot1x port-control auto

7. Exit the Interface mode and enter the Configuration Terminal mode:

switch(config-if)#exit

8. Specify the IP address of the RADIUS server:

switch(config)#radius-server host 192.126.12.1