
Allied Telesis AT-S62 User Manual

Chapter 25: 802.1x Port-based Network Access Control

Section VI: Port Security

3. Adjust the parameters as needed. The parameters are described below:

Authenticator Mode
This parameter can take the following values on an authenticator port:

• 802.1x: Specifies 802.1x username and password authentication.
With this authentication method the supplicant must provide, either
manually or automatically, a username and password to the
authenticator port. Supplicant nodes must have 802.1x client
software for this authentication method.

• MAC Based: Specifies MAC address-based authentication. The
authenticator port extracts the source MAC address from the initial
frames received from a supplicant and automatically sends the
address as both the username and password of the supplicant to
the authentication server. Supplicant nodes do not need 802.1x
client software for this authentication method.

Supplicant Mode
This parameter sets the supplicant mode of an authenticator port and
can take the following values:

• Single: Configures the port to allow only one authentication. This
authenticator mode should be used together with the piggy-back
mode. When an authenticator port is set to the Single mode and
the piggy-back mode is disabled, only the authenticated client can
use the port. Packets from or to other clients on the port are
discarded. If piggy-back mode is enabled, other clients can
piggy-back onto another client’s authentication and so be able to use
the port.

• Multiple: Configures the port to accept up to 20 authentications.
Every client using an authenticator port in this mode must have a
username and password combination.

Port Control
The possible settings are:

Auto - Activates 802.1x port-based authentication and causes the port
to begin in the unauthorized state, allowing only EAPOL frames to be
sent and received through the port. The authentication process begins
when the link state of the port changes or the port receives an
EAPOL-Start packet from a supplicant. The switch requests the identity of the
client and begins relaying authentication messages between the client
and the authentication server. This is the default setting.

Force-authorized - Disables IEEE 802.1X port-based authentication
and causes the port to transition to the authorized state without any
authentication exchange required. The port transmits and receives
normal traffic without 802.1x-based authentication of the client.
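
The forwarding rules described above for Supplicant Mode and Port Control, modeled as an added Python example (not Allied Telesis code and not part of the manual), so the effect of piggy-back mode and Force-authorized on unauthenticated clients can be checked directly. The class, field and function names are hypothetical; only ingress frames and the two Port Control settings listed on this page are modeled.

```python
from dataclasses import dataclass, field

EAPOL_ETHERTYPE = 0x888E   # EtherType of EAPOL frames (IEEE 802.1X)
IPV4_ETHERTYPE = 0x0800    # stands in for "normal traffic"
MAX_MULTIPLE_AUTHS = 20    # "Multiple" mode limit stated in the manual


@dataclass
class AuthenticatorPort:
    """Hypothetical model of one authenticator port (not AT-S62 code)."""
    port_control: str = "auto"        # "auto" or "force-authorized"
    supplicant_mode: str = "single"   # "single" or "multiple"
    piggy_back: bool = False
    authenticated: set = field(default_factory=set)  # MACs the server accepted

    def authenticate(self, mac: str) -> bool:
        """Record a successful authentication; False if no slot is left."""
        limit = 1 if self.supplicant_mode == "single" else MAX_MULTIPLE_AUTHS
        if mac not in self.authenticated and len(self.authenticated) >= limit:
            return False
        self.authenticated.add(mac)
        return True

    def forwards(self, src_mac: str, ethertype: int) -> bool:
        """Would the port accept a frame from src_mac with this EtherType?"""
        if self.port_control == "force-authorized":
            return True    # no authentication exchange is required
        if ethertype == EAPOL_ETHERTYPE:
            return True    # Auto: EAPOL passes even while unauthorized
        if not self.authenticated:
            return False   # Auto: port is still in the unauthorized state
        if src_mac in self.authenticated:
            return True
        # Client that never authenticated, on a port someone else authorized:
        # only Single mode with piggy-back enabled lets its traffic through.
        return self.supplicant_mode == "single" and self.piggy_back


def unauthenticated_exposure(port: AuthenticatorPort, outsider_mac: str) -> bool:
    """True if a client that never authenticated can send normal traffic."""
    return port.forwards(outsider_mac, IPV4_ETHERTYPE)
```

Running `unauthenticated_exposure` over a port inventory separates ports where every client is authenticated individually from ports where one authentication, or none, admits every attached device.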