Port roles – Allied Telesis AT-S63 User Manual

Chapter 31: 802.1x Port-based Network Access Control

Section VII: Port Security

Port Roles

Part of the task of implementing this feature is specifying the roles of the
ports on the switch. A port can have one of three roles:

• None
• Authenticator
• Supplicant

None Role

A switch port in the None role does not participate in port-based access
control. Any device can connect to the port and send traffic through it and
receive traffic from it without providing a username and password. This is
the default setting for the switch ports.

Set a port to this role if you do not want to require its client to log on to use
the network. This is also the correct role for a port that is connected to an
authentication server. Because an authentication server cannot
authenticate itself, the switch port to which it is connected must be set to
this role.

Authenticator Role

Placing a switch port in the authenticator role activates port access control
on the port. A port in the role of authenticator does not forward network
traffic to or from the end node until the client has entered a username and
password and the authentication server has validated them.

Determining whether a switch port should be set to the authenticator role
is straightforward. If you want the user of the end node connected to the
port to log in before using the network, then you should set the switch port
to the authenticator role.

Figure 248 illustrates this concept. Port 2 on the switch has been set to the
authenticator role because it is connected to an end node with 802.1x
client software. The end user at the workstation must log on to use the
network.
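The None and Authenticator role rules above can be checked against a port plan before it is applied. The following is an added example, not code from the manual or from Allied Telesis; the inventory format, the "attached" labels and the function name are assumptions made for illustration and are not AT-S63 syntax.

```python
# Added example: audit a planned port-role assignment against the None and
# Authenticator role rules. Inventory layout and labels are assumptions.

VALID_ROLES = ("none", "authenticator", "supplicant")

# Constructed sample plan: port -> (configured role, kind of attached device)
SAMPLE_PORTS = {
    1: ("none", "auth_server"),           # correct: server cannot authenticate itself
    2: ("authenticator", "end_node"),     # correct: user must log on
    3: ("none", "end_node"),              # left at the default, but login is required
    4: ("authenticator", "auth_server"),  # server port wrongly set to authenticator
    5: ("none", "end_node"),              # open port, no login policy
    6: ("supplicant", "switch"),          # not evaluated: role not covered in this section
}
# Constructed policy: ports whose users must log on before using the network
SAMPLE_LOGIN_REQUIRED = {2, 3}


def audit_port_roles(ports, login_required):
    """Return a list of (port, severity, message) findings, ordered by port."""
    findings = []
    for port in sorted(ports):
        role, attached = ports[port]
        role = role.lower()
        if role not in VALID_ROLES:
            findings.append((port, "error", f"unknown role {role!r}"))
        elif attached == "auth_server" and role != "none":
            # The port facing the authentication server must stay in the None role.
            findings.append((port, "error",
                             "authentication server port must use the None role"))
        elif port in login_required and role != "authenticator":
            # Login is wanted, so only the authenticator role blocks traffic until
            # the authentication server validates the credentials.
            findings.append((port, "error",
                             "login required but port is not an authenticator"))
        elif attached == "end_node" and role == "none":
            # None is the default: any device can send and receive without logging on.
            findings.append((port, "info",
                             "end node can use the network without logging on"))
    return findings


if __name__ == "__main__":
    for port, severity, message in audit_port_roles(SAMPLE_PORTS, SAMPLE_LOGIN_REQUIRED):
        print(f"port {port}: {severity}: {message}")
```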