Allied Telesis AT-S62 User Manual
Page 615

AT-S62 Menus Interface User’s Guide
Section VI: Port Security
❑ If a switch port set to the supplicant role is connected to a port on
another switch that is not set to authenticator, the port, after a
timeout period, will assume that it can send traffic without having
to log on.
❑ A username and password combination is not tied to the MAC
address of an end node. This allows end users to use the same
username and password when working at different workstations.
❑ Once a supplicant has successfully logged on, the MAC address of
the end node is added to the switch’s MAC address table as an
authenticated address. It remains in the table until the end user
logs off the network or does not respond to a reauthentication
request. Only then is the address removed. The MAC aging time
does not apply to authenticated MAC addresses.
Note
End users of port-based access control should be instructed to
always log off when they are finished with a work session. This will
prevent unauthorized individuals from accessing the network
through unattended network workstations.
❑ You cannot use the MAC address port security feature, described
in Chapter 29, MAC Address Security on page 598, on ports that
are set to the authenticator or supplicant role. A port’s MAC
address security level must be Automatic.
❑ There should be only one port in the authenticator role between
a supplicant and the authentication server.
❑ The Authentication Menu for configuring the RADIUS client
software has the selection “1 - Server-based Authentication.” This
option does not apply to the 802.1x port-based access control,
but only to manager accounts, as described in Chapter 35, RADIUS
and TACACS+ Authentication Protocols on page 696. It does not
need to be toggled to Enabled for the switch to use the RADIUS
configuration information for port-based access control. If you
want to use 802.1x port-based access control but do not want to use new
manager accounts, the menu selection should be set to Disabled.
❑ An authenticator port can be tagged or untagged.
❑ When 802.1x port-based access control is activated on a switch,
the feature polls all RADIUS servers specified in the RADIUS
configuration. If three servers have been configured, the switch
polls all three. If server 1 responds, all future requests go only to
that server. If server 1 stops responding, the switch again polls all
RADIUS servers. If server 2 responds, but not server 1, then all
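
The guidelines above on MAC address security level, supplicant ports facing non-authenticator ports, and the number of authenticator ports on a path can be checked against a port inventory. The following is an added example, not part of the manual or the AT-S62 software; the inventory layout, field names, role strings, finding names and the sample value "Limited" are constructed assumptions.

```python
# Added example: audit a constructed port inventory against the guidelines above.
# Field names, role strings and sample data are hypothetical, not AT-S62 output.
PORTS = {
    # (switch, port): 802.1x role, MAC address security level, linked peer port
    ("sw1", 1): {"role": "authenticator", "mac_security": "Automatic", "peer": None},
    ("sw1", 2): {"role": "authenticator", "mac_security": "Limited", "peer": None},
    ("sw1", 3): {"role": "none", "mac_security": "Automatic", "peer": ("sw3", 1)},
    ("sw1", 24): {"role": "authenticator", "mac_security": "Automatic", "peer": ("sw2", 1)},
    ("sw2", 1): {"role": "supplicant", "mac_security": "Automatic", "peer": ("sw1", 24)},
    ("sw2", 5): {"role": "authenticator", "mac_security": "Automatic", "peer": None},
    ("sw3", 1): {"role": "supplicant", "mac_security": "Automatic", "peer": ("sw1", 3)},
}
# Ports each end node's traffic crosses on the way to the authentication server.
PATHS = {
    "pc-a": [("sw1", 1)],
    "pc-b": [("sw2", 5), ("sw2", 1), ("sw1", 24)],
}


def audit(ports, paths):
    """Return (subject, finding) pairs for every guideline violation found."""
    findings = []
    for port_id, cfg in sorted(ports.items()):
        if cfg["role"] not in ("authenticator", "supplicant"):
            continue
        # 802.1x ports require the Automatic MAC address security level.
        if cfg["mac_security"] != "Automatic":
            findings.append((port_id, "mac-security-not-automatic"))
        # A supplicant port facing a non-authenticator port stops waiting after
        # a timeout and sends traffic without logging on.
        peer = ports.get(cfg["peer"])
        if cfg["role"] == "supplicant" and peer and peer["role"] != "authenticator":
            findings.append((port_id, "supplicant-peer-not-authenticator"))
    for node, hops in sorted(paths.items()):
        # Only one authenticator port may sit between a supplicant and the server.
        if sum(ports[h]["role"] == "authenticator" for h in hops) > 1:
            findings.append((node, "multiple-authenticators-on-path"))
    return findings


if __name__ == "__main__":
    for subject, finding in audit(PORTS, PATHS):
        print(subject, finding)
```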