802.1x Port-based Access Control Overview – Allied Telesis AT-S62 User Manual
Page 608

Chapter 30: 802.1x Port-based Access Control
Section VI: Port Security
802.1x Port-based Access Control Overview
The AT-S62 management software provides you with several different
methods for protecting your network and its resources from
unauthorized access. For instance, Chapter 29, MAC Address Security on
page 598, explains how you can restrict network access based on the
MAC addresses of the end nodes.
This chapter explains yet another way. This method is referred to as
port-based access control (IEEE 802.1x). It uses the RADIUS authentication
protocol to control who can send traffic through and receive traffic from
a switch port. With this feature you can configure the switch so that it
does not allow an end node to send or receive traffic through a port until
the user of the node has logged on by entering a username and
password that the RADIUS server validates.
The benefit of this type of network security is obvious. Only those users
to whom you have assigned valid usernames and passwords will be able
to use the switch to access the network. This can prevent an
unauthorized individual from connecting a computer to a port on the
switch or using an unattended workstation to access your network
resources.
This port security method uses the RADIUS authentication protocol. The
AT-S62 software comes with RADIUS client software. If you have already
read Chapter 35, RADIUS and TACACS+ Authentication Protocols on
page 696, then you know that you can also use the RADIUS client
software on the switch, along with a RADIUS server on your network, to
create new manager accounts that control who can manage and change
the AT-S62 parameters on the switch.
Note
RADIUS with Extensible Authentication Protocol (EAP) extensions is
the only supported authentication server for port-based access
control. This feature is not supported with the TACACS+
authentication protocol. Since the switch can support only one
authentication protocol at a time, you must use the RADIUS
protocol if you want both to implement port-based access control as
explained in this chapter and to create new manager accounts as
explained in Chapter 35.
Here are a few terms to keep in mind when using this feature.
❑ Supplicant - A supplicant is an end user or end node that wants to
access the network through a port. A supplicant is also referred to
as a client.