Allied Telesis AT-S63 User Manual

AT-S63 Management Software Menus Interface User’s Guide

Section VII: Port Security

733

Note

End users of 802.1x port-based network access control should be
instructed to always log off when they are finished with a work
session. This prevents unauthorized individuals from accessing the
network through unattended network workstations.

ˆ

You cannot use the MAC address port security feature, described in
Chapter 30, “MAC Address-based Port Security” on page 709, on
switch ports that are set to the authenticator or supplicant role. A port’s
MAC address security level must be Automatic.

ˆ

An authenticator port can be tagged or untagged.

ˆ

An authenticator port cannot be part of a static port trunk, LACP port
trunk, or port mirror.

ˆ

GVRP must be disabled on an authenticator port.

ˆ

When 802.1x Port-based Network Access Control is activated on a
switch, the feature polls all RADIUS servers specified in the RADIUS
configuration. If three servers have been configured, the switch polls
all three. If server 1 responds, all future requests go only to that server.
If server 1 stops responding, the switch again polls all RADIUS
servers. If server 2 responds, but not server 1, then all future requests
go to servers 1 and 2. If only server 3 responds, then all future
requests go to all three servers.

ˆ

The AT-S63 management software only supports EAP-MD5
authentication for both authenticators and supplicants.