beautypg.com

Allied Telesis AT-S62 User Manual

Page 667

background image

AT-S62 Management Software Menus Interface User’s Guide

Section VI: Port Security

667

1 - Supplicant Mode
This parameter can take the following values on an authenticator port:

ˆ

Single: Configures the authenticator port to accept only one
authentication. This supplicant mode should be used together with
the piggy-back mode. When an authenticator port is set to the
Single mode and the piggy-back mode is disabled, only the one
client who is authenticated can use the port. Packets from or to
other clients on the port are discarded. If piggy-back mode is
enabled, other clients can piggy-back onto another client’s
authentication and so be able to use the port.

ˆ

Multiple: Configures the authenticator port to accept up to 20
authentications. Every client using an authenticator port in this
mode must have a username and password combination.

For addition information, refer to “Authenticator Ports with Single and
Multiple Supplicants” on page 649.

2 - Port Control
The possible settings for this parameter are:

Auto - Enables 802.1x port-based authentication and causes the port
to begin in the unauthorized state, allowing only EAPOL frames to be
sent and received through the port. The authentication process begins
when the link state of the port changes or the port receives an EAPOL-
Start packet from a supplicant. The switch requests the identity of the
client and begins relaying authentication messages between the client
and the authentication server. Each client that attempts to access the
network is uniquely identified by the switch using the client's MAC
address. This is the default setting.

Force-authorized - Disables IEEE 802.1X port-based authentication
and causes the port to transition to the authorized state without any
authentication exchange required. The port transmits and receives
normal traffic without 802.1x-based authentication of the client.

Note

A supplicant connected to an authenticator port set to force-
authorized must have 802.1x client software if the port is configured
for the 802.1x authentication mode. Though this setting precludes
an authentication exchange, the supplicant must still have the client
software. Supplicants without 802.1 client software cannot forward
traffic through an authenticator port set to force-authorized.

Force-unauthorized - Causes the port to remain in the unauthorized
state, ignoring all attempts by the client to authenticate. The switch
cannot provide authentication services to the client through the
interface

See also other documents in the category Allied Telesis Computer hardware: