Port roles, None role, Authenticator role – Allied Telesis AT-S62 User Manual
Page 646: Port roles none role authenticator role

Chapter 29: 802.1x Port-based Network Access Control
646
Section VI: Port Security
Port Roles
Part of the task of implementing this feature is specifying the roles of the 
ports on the switch. A port can have one of three roles:
None
Authenticator
Supplicant
None Role
A switch port in the None role does not participate in port-based access 
control. Any device can connect to the port and send traffic through it and 
receive traffic from it without being validated. This port setting is 
appropriate if no validation is required for the network device connected to 
the port. This is the default setting for the switch ports.
Note
Because a RADIUS authentication server cannot authenticate itself, 
it must communicate with the switch through a port that is set to the 
None role.
Authenticator
Role
Placing a switch port in the authenticator role activates port access control 
on the port. A port in the role of authenticator does not forward network 
traffic to or from the end node until the client has been authenticated by a 
RADIUS server.
Determining whether a switch port should be set to the authenticator role 
is straightforward. You should set a port on a switch to the authenticator 
role if you want the user of the end node connected to the port to be 
authenticated before being permitted to use the network.
Authentication Modes
The AT-8500 Series switch supports two authentication modes on an 
authenticator port.
802.1x username/password combination
In this authentication mode, each supplicant connected to an 
authenticator port must be assigned a unique username and password 
combination on the RADIUS server. A supplicant must provide the 
information either manually or automatically when initially passing 
traffic through an authenticator port and during reauthentications. The 
802.1x client software on the supplicant either prompts the user for the 
necessary information or provides the information automatically.
Assigning unique username and password combinations to your 
network users and requiring the users to provide the information when 
they initially send traffic through the switch can enhance network 
security by limiting network access to only those supplicants who have 
been assigned valid combinations. Another advantage is that the 
