Port-based access control guidelines – Allied Telesis AT-S62 User Manual

Chapter 30: 802.1x Port-based Access Control

Section VI: Port Security

3. You must configure the RADIUS client software in the AT-S62 management software. You will need to provide the following information:

❑ The IP addresses of up to three RADIUS servers.

❑ The encryption key used by the authentication servers.

The instructions for this step are in Configuring Authentication
Protocol Settings on page 701.

4. You must configure the port access control settings on the switch. This involves the following:

❑ Specifying the port roles.

❑ Configuring 802.1x port parameters.

❑ Enabling 802.1x port access control.

The instructions for this step are found in this chapter.

5. Finally, if you want to use RADIUS accounting to monitor the supplicants connected to the ports, you must configure the service on the switch, as explained in Configuring RADIUS Accounting on page 627.

Port-based Access Control Guidelines

Here are the guidelines for using this feature:

❑ Ports operating under port-based access control do not support port trunking or dynamic MAC address learning.

❑ The appropriate port role for a port on an AT-8500 Series switch connected to an authentication server is None.

❑ The authentication server must be a member of the management VLAN. For information on management VLANs, refer to Specifying a Management VLAN on page 546.

❑ Allied Telesyn does not support connecting more than one supplicant to an authenticator port on the switch. The switch allows only one supplicant to log on per port.

Note

Connecting multiple supplicants to a port set to the authenticator
role does not conform to the IEEE 802.1x standard, can introduce
security risks and can result in undesired switch behavior. To avoid
this, Allied Telesyn recommends not using the authenticator role on
a port that is connected to more than one end node, such as a port
connected to another switch or a hub.
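
The guidelines above can be checked against a port plan before 802.1x is enabled. The following is an added example, not part of the Allied Telesis manual: the plan dictionary, its field names (`connects_to`, `end_nodes` and so on) and the sample values are assumptions made for illustration and are not AT-S62 configuration syntax.

```python
# Added example: audit a constructed port plan against the guidelines above.
# The plan layout and its field names are hypothetical, not AT-S62 syntax.
MAX_RADIUS_SERVERS = 3  # "up to three RADIUS servers"

def audit_plan(plan):
    """Return a list of guideline violations found in the plan."""
    findings = []
    servers = plan["radius_servers"]
    if not 1 <= len(servers) <= MAX_RADIUS_SERVERS:
        findings.append(f"radius: {len(servers)} servers, expected 1 to 3")
    if not plan.get("radius_key"):
        findings.append("radius: no encryption key set")
    trunk_members = {p for ports in plan["trunks"].values() for p in ports}
    for num, port in sorted(plan["ports"].items()):
        role = port["role"]
        # Access-controlled ports do not support port trunking.
        if role != "none" and num in trunk_members:
            findings.append(f"port {num}: role {role} on a trunk member")
        # Only one supplicant may log on per authenticator port.
        if role == "authenticator" and port.get("end_nodes", 1) > 1:
            findings.append(f"port {num}: authenticator with {port['end_nodes']} end nodes")
        if port.get("connects_to") == "radius":
            # The server-facing port takes role None, in the management VLAN.
            if role != "none":
                findings.append(f"port {num}: server-facing port needs role none")
            if port["vlan"] != plan["management_vlan"]:
                findings.append(f"port {num}: server not in management VLAN")
    return findings

SAMPLE_PLAN = {  # constructed sample; addresses are documentation ranges
    "management_vlan": 1,
    "radius_servers": ["192.0.2.10", "192.0.2.11"],
    "radius_key": "example-key",
    "trunks": {"trunk1": [7, 8]},
    "ports": {
        1: {"role": "authenticator", "vlan": 10, "end_nodes": 1},
        2: {"role": "authenticator", "vlan": 10, "end_nodes": 4},  # hub behind port
        7: {"role": "authenticator", "vlan": 10, "end_nodes": 1},  # trunk member
        8: {"role": "none", "vlan": 10, "end_nodes": 1},
        24: {"role": "authenticator", "vlan": 20, "connects_to": "radius"},
    },
}

if __name__ == "__main__":
    for finding in audit_plan(SAMPLE_PLAN):
        print(finding)
```

The check for the management VLAN compares the VLAN of the server-facing port, which is a simplification of "the authentication server must be a member of the management VLAN".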