Allied Telesis AT-S63 User Manual
Page 726
Chapter 31: 802.1x Port-based Network Access Control
726
Section VII: Port Security
Figure 251. Single Operating Mode with Multiple Clients Using the Piggy-
back Feature - Example 1
Because the piggy-back mode is activated on the authenticator port, only
one client needs to have the 802.1x client software and be given a
username and password combination, which, in the example, is client 1.
After client 1 has logged on, the authenticator port on the AT-9400 Series
switch forwards all packets, even the traffic from those clients that do not
have 802.1x client software and, consequently, have not logged on.
As mentioned early, should the client who performed the initial log on fail
to reauthenticate when necessary or log out, the port reverts to the
unauthenticated state, blocking all traffic to and from all clients.
If the clients are connected to an 802.1x-compliant device, such as
another AT-9400 Series switch, you can automate the initial log on and
reauthentications by configuring one of the switch ports as a supplicant
with a username and password combination. In this manner, the log on is
performed automatically whenever the switch is reset or power cycled, as
well as the reauthentications. This eliminates the need for relying on an
individual to perform the task.
AT-9400 Series Switch
FAULT
RPS
MASTER
POWER
CLASS 1
LASER PRODUCT
STATUS
TERMINAL
PORT
1
3
5
7
9
11
2
4
6
8
10
12
13
15
17
19
21
23R
14
16
18
20
22
24R
AT-9424T/SP
Gigabit Ethernet Switch
1
3
5
7
9
11
13
15
17
19
21
23R
2
4
6
8
10
12
14
16
18
20
22
24R
23
24
L/A
D/C
D/C
L/A
D/C
L/A
1000 LINK / ACT
HDX / COL
FDX
10/100 LINK / ACT
PORT ACTIVITY
L/A
1000 LINK / ACT
SFP
SFP
24
SFP
23
RADIUS
Authentication
Server
Port 6
Role: Authenticator
Operating Mode: Single
Piggy-back Mode: Enabled
Ethernet Hub or
Non-802.1x-compliant
Switch
Client 1 with
802.1x Client
Software
Clients without
802.1x Client
Software