beautypg.com

Allied Telesis AT-S84 User Manual

Page 170

background image

Chapter 12: 802.1x Network Access Control

170

Section I: Using the Menus Interface

server. Each client that attempts to access the network is uniquely
identified by the switch using the client's MAC address.

ˆ

Force-unauthorized - Places the port in the unauthorized state,
ignoring all attempts by the client to authenticate. This port control
setting blocks all users from accessing the network through the port
and is similar to disabling a port and can be used to secure a port from
use. The port continues to forward EAPOL packets, but discards all
other packets, including multicast and broadcast packets.

ˆ

Force-authorized - Disables IEEE 802.1x authentication and causes
the port to transition to the authorized state without any authentication
exchange required. The port transmits and receives normal traffic
without 802.1x-based authentication of the client. This is the default
setting. Use this port control setting for those ports where there are
network devices that are not to be authenticated.

Figure 46 illustrates the concept of the authenticator port control settings.

Figure 46. Example of the Authenticator Role

ˆ

Port 2 is set to Auto. The end node connected to the port must use its
802.1x client software and provide a username and password to send
or receive traffic from the switch.

ˆ

Port 8 is set to the Force-authorized setting so that the end node
connected to the port does not have to provide a user name or
password to send or receive traffic from the switch. In the example, the
node is the RADIUS authentication server. Since the server cannot
authenticate itself, its port must be set to Force-authorized in order for
it to pass traffic through the port.

ˆ

Port 7 is set to Force-unauthorized to prevent anyone for using the
port.

793

AT-9000/24

24 Port Gigabit Ethernet Switch

1

3

5

7

9

11

13

15

17

19 21R 23R

2

4

6

8

10

12

14

16

18

20 22R 24R

POWER

21

22

23

24

SFP

LINK

ACT

1000

10/100

PORT ACTIVITY

RADIUS
Authentication

Server

Supplicant with
802.1x Client
Software

Port 2
802.1x Port Control
Setting: Auto

Port 17
802.1x Port Control:
Setting: Force-unauthorized

Port 20
802.1x Port Control:
Setting: Force-authorized

See also other documents in the category Allied Telesis Computer hardware: