An authenticator port can be tagged or untagged – Allied Telesis AT-S63 User Manual

Page 655

AT-S63 Management Software Menus Interface User’s Guide

Section IV: Port Security

655

the network. Only then is the address removed. The address is not
timed out, even if the end node becomes inactive.

Note

End users of port-based access control should be instructed to
always log off when they are finished with a work session. This
prevents unauthorized individuals from accessing the network
through unattended network workstations.

You cannot use the MAC address port security feature, described in
Chapter 27, “Port Security” on page 637, on switch ports that are set to
the authenticator or supplicant role. A port’s MAC address security
level must be Automatic.

There should be only one port in the authenticator role between a
client and the authentication server.

A switch port in the authenticator role transmits broadcast and
multicast traffic even when the client connected to the port has not
logged on.

An authenticator port can be tagged or untagged.

Set ports used to interconnect switches to the none role. This is
illustrated in Figure 235.

Figure 235. Port-based Authentication Across Multiple Switches

Switch A

Switch B

FAULT

RPS

MASTER

POWER

CLASS 1

LASER PRODUCT

STATUS

TERMINAL

PORT

23R

24R

AT-9424T/SP

Gigabit Ethernet Switch

23R

24R

L/A

D/C

L/A

D/C

L/A

1000 LINK / ACT

HDX / COL

FDX

10/100 LINK / ACT

PORT ACTIVITY

L/A

1000 LINK / ACT

SFP

Port 6 in
None
Role

Port 22 in
None Role

Port 21 in
None Role

FAULT

RPS

MASTER

POWER

CLASS 1

LASER PRODUCT

STATUS

TERMINAL

PORT

23R

24R

AT-9424T/SP

Gigabit Ethernet Switch

23R

24R

L/A

D/C

L/A

D/C

L/A

1000 LINK / ACT

HDX / COL

FDX

10/100 LINK / ACT

PORT ACTIVITY

L/A

1000 LINK / ACT

SFP

RADIUS
Authentication
Server

Ports in
Authenticator Role

Supplicants with
802.1x Client Software