beautypg.com

Allied Telesis AT-S62 User Manual

Page 338

background image

Chapter 25: 802.1x Port-based Network Access Control

338

Section VI: Port Security

Server Timeout
Sets the timer used by the switch to determine authentication server
timeout conditions. The default value for this parameter is 10 seconds.
The range is 1 to 60 seconds.

Control Direction
Specifies how the port handles ingress and egress broadcast and
multicast packets when in the unauthorized state. When a port is set to
the Authenticator role, it remains in the unauthorized state until the
client logs on by providing a username and password combination. In
the unauthorized state, the port only accepts EAP packets from the
client. All other ingress packets that the port might receive from the
client, including multicast and broadcast traffic, are discarded until the
supplicant has logged in. The options are:

Ingress - A port, when in the unauthorized state, discards all ingress
broadcast and multicast packets from the client, but forwards all
egress broadcast and multicast traffic to the same client.

Both - A port, when in the unauthorized state, does not forward ingress
or egress broadcast and multicast packets from or to the client until the
client logs in. This is the default.

Piggyback Mode
Controls who can use the switch port in cases where there are multiple
clients (e.g., the port is connected to an Ethernet hub). If set to
enabled, the port allows all clients on the port to piggy-back onto the
initial client’s authentication. The port forwards all packets, regardless
of the client, after one client has been authenticated. If set to Disabled,
the switch port forwards only those packets from the client who was
authenticated and discards packets from all other users.

VLAN Assignment
This parameter controls whether an authenticator port uses the VLAN
assignments returned by a RADIUS server. Options are:

ˆ

Enabled: Specifies that the authenticator port is to use the VLAN
assignment returned by the RADIUS server when a supplicant logs
on. This is the default setting. The port automatically moves to the
designated VLAN after the supplicant successfully logs on.

ˆ

Disabled: Specifies that the authenticator port ignore any VLAN
assignment information returned by the RADIUS server when a
supplicant logs on. The authenticator port remains in its predefined
VLAN assignment even if the RADIUS server returns a VLAN
assignment when a supplicant logs on. This is the default setting.

Secure VLAN
This parameter controls the action of an authenticator port to
subsequent authentications after the initial authentication where VLAN
assignments have been added to the user accounts on the RADIUS

See also other documents in the category Allied Telesis Computer hardware: