Allied Telesis AT-S62 User Manual

Page 644

Chapter 29: 802.1x Port-based Network Access Control

Section VI: Port Security

IEEE 802.1x Port-based Network Access Control Overview

The AT-S62 management software offers you several different methods
for protecting your network and its resources from unauthorized access.
For instance, Chapter 28, “MAC Address-based Port Security” on page
633, explains how to restrict network access using the source MAC
addresses of the end nodes in your network.

This chapter explains yet another way. This method, referred to as 802.1x
port-based network access control, uses the RADIUS protocol to control
who can send traffic through and receive traffic from a switch port. When
implemented, this security method does not allow an end node to send or
receive traffic through a port until the user of the node has been
authenticated by a RADIUS server.

The benefit of this type of network security is obvious. You can use it to
prevent unauthorized individuals from connecting a computer to a switch
port or using an unattended workstation to access your network
resources. Only those users whom you have designated as valid network
users on the RADIUS server will be permitted to use the switch to access
the network.

This port security method uses the RADIUS authentication protocol. The
AT-S62 management software is shipped with RADIUS client software. If
you have already read Chapter 34, “TACACS+ and RADIUS
Authentication Protocols” on page 747, then you know that you can use
the RADIUS client software on the switch, along with a RADIUS server on
your network, to also create new manager accounts that control who can
manage and change the AT-S62 parameters on the switch.

Note

RADIUS with Extensible Authentication Protocol (EAP) extensions
is the only supported authentication protocol for 802.1x Port-based
Network Access Control. This feature is not supported with the
TACACS+ authentication protocol. The switch only supports one
authentication protocol at a time. Consequently, if you want to
implement 802.1x Port-based Network Access Control and also
create new manager accounts as explained in Chapter 34,
“TACACS+ and RADIUS Authentication Protocols” on page 747,
you must use the RADIUS protocol.
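
The following added example (not part of the manual or of the AT-S62 software) shows what "RADIUS with EAP extensions" looks like on the wire: the switch, acting as RADIUS client, wraps a supplicant's EAP identity response in an Access-Request, and the server checks the Message-Authenticator that RFC 3579 requires on any request carrying an EAP-Message. The function names, shared secret and user name are constructed for illustration.

```python
import hashlib
import hmac
import os
import struct

ACCESS_REQUEST = 1  # RADIUS packet code
USER_NAME, EAP_MESSAGE, MESSAGE_AUTHENTICATOR = 1, 79, 80  # attribute types

def attr(attr_type, value):
    return struct.pack("!BB", attr_type, len(value) + 2) + value  # type, length, value

def build_access_request(secret, radius_id, identity, eap_id):
    """What the switch (RADIUS client) sends for an EAP-Response/Identity."""
    eap_body = b"\x01" + identity  # EAP Type 1 = Identity
    eap = struct.pack("!BBH", 2, eap_id, 4 + len(eap_body)) + eap_body  # Code 2 = Response
    attrs = (attr(USER_NAME, identity) + attr(EAP_MESSAGE, eap)
             + attr(MESSAGE_AUTHENTICATOR, bytes(16)))  # zeroed placeholder, placed last
    header = struct.pack("!BBH", ACCESS_REQUEST, radius_id, 20 + len(attrs))
    packet = bytearray(header + os.urandom(16) + attrs)  # random Request Authenticator
    packet[-16:] = hmac.new(secret, bytes(packet), hashlib.md5).digest()
    return bytes(packet)

def parse_attrs(packet):
    """Return ([(type, value_offset, value)], packet_end); ValueError if malformed."""
    end = struct.unpack("!H", packet[2:4])[0] if len(packet) >= 20 else 0
    if not 20 <= end <= len(packet):
        raise ValueError("bad packet length")
    found, pos = [], 20
    while pos < end:
        length = packet[pos + 1] if pos + 2 <= end else 0
        if length < 2 or pos + length > end:
            raise ValueError("malformed attribute")
        found.append((packet[pos], pos + 2, packet[pos + 2:pos + length]))
        pos += length
    return found, end

def verify_eap_request(secret, packet):
    """Server-side check: EAP-Message present and Message-Authenticator valid."""
    try:
        attrs, end = parse_attrs(packet)
    except ValueError:
        return False
    macs = [(off, val) for t, off, val in attrs if t == MESSAGE_AUTHENTICATOR]
    if not any(t == EAP_MESSAGE for t, _, _ in attrs) or len(macs) != 1 or len(macs[0][1]) != 16:
        return False
    offset, received = macs[0]
    zeroed = bytearray(packet[:end])
    zeroed[offset:offset + 16] = bytes(16)  # HMAC-MD5 is computed over a zeroed field
    expected = hmac.new(secret, bytes(zeroed), hashlib.md5).digest()
    return hmac.compare_digest(expected, received)
```

A request that fails this check (wrong shared secret, altered attribute, or missing Message-Authenticator) should be silently discarded by the server, so the port stays unauthorized.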

Following are several terms to keep in mind when you use this feature.

• Supplicant - A supplicant is an end user or end node that wants to
access the network through a switch port. A supplicant is also referred
to as a client.