Allied Telesis AT-S62 User Manual

AT-S62 Management Software Command Line Interface User’s Guide

Section VI: Port Security

set portaccess=8021x port=22 role=authenticator mode=multi

The following command assigns the Guest VLAN “Product_show” to
authenticator ports 5 and 12. The ports function as untagged members of
the VLAN and allow any network user access to the VLAN without logging
on. However, should a port start to receive EAPOL packets, it assumes
that a supplicant is initiating a log on and changes to the unauthorized
state. After the log on is completed, the port moves to its predefined VLAN:

set portaccess=8021x port=5,12 role=authenticator guestvlan=product_show

The following command configures port 15 as an authenticator port. This
example assumes that the user accounts on the RADIUS server have
VLAN assignments. With the VLANASSIGNMENT parameter set to
enabled, the port processes the VLAN assignment it receives from the
RADIUS server when a client logs on. Had this parameter been disabled,
the port would ignore the VLAN assignment and remain in its
predefined VLAN. The VLAN assignment of the port is
determined by the initial log on by a client. With the SECUREVLAN
parameter set to enabled, only those subsequent supplicants having the
same VLAN assignment as the initial supplicant are allowed to use the
port:

set portaccess=8021x port=15 role=authenticator mode=multi vlanassignment=enabled securevlan=on

The following command sets port 7 to the authenticator role, the quiet
period on the port to 30 seconds, and the server timeout period to 200
seconds:

set portaccess=8021x port=7 role=authenticator quietperiod=30 servtimeout=200

The following command configures authenticator port 5 to the multiple
operating mode:

set portaccess=8021x port=5 role=authenticator mode=multi

The following command configures authenticator port 5 to the single
operating mode and disables piggy backing:

set portaccess=8021x port=5 role=authenticator mode=single piggyback=disabled

The following command disables port-based access control on ports 12
and 15:

set portaccess=8021x port=12,15 role=none
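
The following Python script is an added example and is not part of the Allied Telesis manual. It parses SET PORTACCESS commands of the forms shown above, rejoining commands that a printed manual wraps across two lines, and lists the ports whose settings loosen access: no access control, a Guest VLAN, or SECUREVLAN turned off. The parameter names come from this page; the function names, the "off" value, and the rule that later commands override earlier ones are assumptions of the example.

```python
import re

# Constructed input built from the command forms on this page; two commands are
# wrapped as a printed manual shows them. "securevlan=off" is an assumed value.
SAMPLE = """\
set portaccess=8021x port=5,12 role=authenticator
guestvlan=product_show
set portaccess=8021x port=15 role=authenticator mode=multi
vlanassignment=enabled securevlan=on
set portaccess=8021x port=22 role=authenticator mode=multi securevlan=off
set portaccess=8021x port=12 role=none
"""

def parse_commands(text):
    """Rejoin wrapped lines and return one {parameter: value} dict per command."""
    joined = []
    for line in (l.strip() for l in text.splitlines()):
        if line.lower().startswith("set "):
            joined.append(line)
        elif line and joined:
            joined[-1] += " " + line  # continuation of the previous command
    return [dict(kv.lower().split("=", 1) for kv in re.findall(r"\S+=\S+", cmd))
            for cmd in joined]

def port_state(text):
    """Replay commands in order (assumed: later settings override, role=none clears)."""
    state = {}
    for params in parse_commands(text):
        if params.get("portaccess") != "8021x":
            continue
        settings = {k: v for k, v in params.items() if k not in ("portaccess", "port")}
        # Only comma-separated port lists, as used on this page, are handled.
        for port in filter(str.isdigit, params.get("port", "").split(",")):
            if settings.get("role") == "none":
                state[int(port)] = {"role": "none"}
            else:
                state.setdefault(int(port), {}).update(settings)
    return state

def review(text):
    """Return (port, note) pairs for settings the page describes as loosening access."""
    notes = []
    for port, s in sorted(port_state(text).items()):
        if s.get("role") == "none":
            notes.append((port, "port-based access control disabled"))
        if "guestvlan" in s:
            notes.append((port, "no logon needed for guest VLAN " + s["guestvlan"]))
        if s.get("mode") == "multi" and s.get("securevlan") in ("off", "disabled"):
            notes.append((port, "supplicants not limited to first client's VLAN"))
    return notes
```

Call review() on a saved command script or configuration listing to get the ports to check by hand.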