beautypg.com

Figure 249: example of the supplicant role, Figure 249. example of the supplicant role, Single – Allied Telesis AT-S63 User Manual

Page 724

background image

Chapter 31: 802.1x Port-based Network Access Control

724

Section VII: Port Security

Figure 249. Example of the Supplicant Role

Authenticator

Ports with Single

and Multiple

Supplicants

An authenticator port has two supplicant modes. The modes relate to the
number of clients that are using the port and, in situations where an
authenticator port is supporting more than one client, whether just one
client or all the clients must log on to use the switch port.

The operating modes are:

ˆ

Single

ˆ

Multiple

The Single operating mode is used in two situations. The first is when an
authenticator port supports only one client. In this scenario, the switch
allows only one client to log on and use the port.

You can also use the Single mode when an authenticator port supports
more than one client, but where only one client needs to log on in order for
all clients to use the port. This configuration can be useful in situations
where you want to add 802.1x port-based network access control to a
switch port that is supporting multiple clients, but do not want to assign
each client a username and password.

This is referred to as “piggy-backing.” After one client has successfully
logged, the port permits the other clients to piggy-back onto the initial
client’s log on, allowing all clients to forward packets through the port.

To implement this configuration, you have to set the operating mode of an
authenticator port to Single and also toggle the piggy-back mode feature.
When piggy-back is disabled, only one client is allowed to log on and use
the port. When this feature is enabled, an unlimited number of clients can
use the port after one client has successfully logged on.

Switch A

Switch B

FAULT

RPS

MASTER

POWER

CLASS 1

LASER PRODUCT

STATUS

TERMINAL

PORT

1

3

5

7

9

11

2

4

6

8

10

12

13

15

17

19

21

23R

14

16

18

20

22

24R

AT-9424T/SP

Gigabit Ethernet Switch

1

3

5

7

9

11

13

15

17

19

21

23R

2

4

6

8

10

12

14

16

18

20

22

24R

23

24

L/A

D/C

D/C

L/A

D/C

L/A

1000 LINK / ACT

HDX / COL

FDX

10/100 LINK / ACT

PORT ACTIVITY

L/A

1000 LINK / ACT

SFP

SFP

24

SFP

23

FAULT

RPS

MASTER

POWER

CLASS 1

LASER PRODUCT

STATUS

TERMINAL

PORT

1

3

5

7

9

11

2

4

6

8

10

12

13

15

17

19

21

23R

14

16

18

20

22

24R

AT-9424T/SP

Gigabit Ethernet Switch

1

3

5

7

9

11

13

15

17

19

21

23R

2

4

6

8

10

12

14

16

18

20

22

24R

23

24

L/A

D/C

D/C

L/A

D/C

L/A

1000 LINK / ACT

HDX / COL

FDX

10/100 LINK / ACT

PORT ACTIVITY

L/A

1000 LINK / ACT

SFP

SFP

24

SFP

23

Port 6
in
Authenticator
Role

Port 11
in Supplicant Role

RADIUS
Authentication
Server

See also other documents in the category Allied Telesis Computer hardware: