Port roles, None role, Authenticator role – Allied Telesis AT-S62 User Manual

Chapter 29: 802.1x Port-based Network Access Control

Section VI: Port Security

Port Roles

Part of the task of implementing this feature is specifying the roles of the
ports on the switch. A port can have one of three roles:

- None
- Authenticator
- Supplicant

None Role

A switch port in the None role does not participate in port-based access
control. Any device can connect to the port and send traffic through it and
receive traffic from it without being validated. This port setting is
appropriate if no validation is required for the network device connected to
the port. This is the default setting for the switch ports.

Note

Because a RADIUS authentication server cannot authenticate itself,
it must communicate with the switch through a port that is set to the
None role.

Authenticator Role

Placing a switch port in the authenticator role activates port access control
on the port. A port in the role of authenticator does not forward network
traffic to or from the end node until the client has been authenticated by a
RADIUS server.

Determining whether a switch port should be set to the authenticator role
is straightforward. You should set a port on a switch to the authenticator
role if you want the user of the end node connected to the port to be
authenticated before being permitted to use the network.
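
The two role rules above can be checked against a port plan before it is applied. The following is an added example, not part of the manual or of Allied Telesis software; the inventory format, the Port fields and the "attached" labels are assumptions made for this sketch.

```python
from dataclasses import dataclass
from typing import Optional

ROLES = {"none", "authenticator", "supplicant"}  # the three roles in this section

@dataclass
class Port:
    number: int
    role: str      # "none" is the switch default
    attached: str  # assumed labels: "radius-server", "end-node", "unused"

def audit(ports):
    """Return (port number or None, severity, message) findings for a port plan."""
    findings: list[tuple[Optional[int], str, str]] = []
    radius_seen = False
    for p in ports:
        role = p.role.lower()
        if role not in ROLES:
            findings.append((p.number, "error", f"unknown role {p.role!r}"))
            continue
        if p.attached == "radius-server":
            radius_seen = True
            # The RADIUS server cannot authenticate itself, so its port must be None.
            if role != "none":
                findings.append((p.number, "error",
                                 "RADIUS server port must be in the None role"))
        elif p.attached == "end-node" and role == "none":
            # None-role ports forward traffic without validating the device.
            findings.append((p.number, "warn",
                             "end node on a None-role port is not authenticated"))
    # Authenticator ports depend on a RADIUS server the plan should account for.
    if any(p.role.lower() == "authenticator" for p in ports) and not radius_seen:
        findings.append((None, "warn",
                         "authenticator ports present but no RADIUS server port listed"))
    return findings

# Constructed sample inventory (not taken from the manual).
SAMPLE = [
    Port(1, "none", "radius-server"),
    Port(2, "authenticator", "end-node"),
    Port(3, "none", "end-node"),
    Port(4, "authenticator", "radius-server"),
]

if __name__ == "__main__":
    for number, severity, message in audit(SAMPLE):
        print(f"port {number}: [{severity}] {message}")
```
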

Authentication Modes

The AT-8500 Series switch supports two authentication modes on an
authenticator port.

- 802.1x username/password combination

In this authentication mode, each supplicant connected to an
authenticator port must be assigned a unique username and password
combination on the RADIUS server. A supplicant must provide the
information either manually or automatically when initially passing
traffic through an authenticator port and during reauthentications. The
802.1x client software on the supplicant either prompts the user for the
necessary information or provides the information automatically.

Assigning unique username and password combinations to your
network users and requiring the users to provide the information when
they initially send traffic through the switch can enhance network
security by limiting network access to only those supplicants who have
been assigned valid combinations. Another advantage is that the