802.1x port-based access network control overview – Allied Telesis AT-S60 User Manual
Page 550

Chapter 28: 802.1x Port-based Access Control
Section V: Security Features
802.1x Port-based Access Network Control Overview
The AT-S60 management software has several different methods for 
protecting your network and its resources from unauthorized access. 
This chapter explains yet another method of securing your network 
using the port-based access control (IEEE 802.1x) feature. This feature 
uses the RADIUS protocol to control who can send traffic through and 
receive traffic from a port. With this feature, the switch does not allow an 
end node to send or receive traffic through a port until the user of the 
node has logged on by entering a username and password that the 
RADIUS server validates.
The benefit to this type of network security is obvious. This feature can 
prevent an unauthorized individual from connecting a computer to a 
port or using an unattended workstation to access your network 
resources. Only those users to whom you have assigned valid user 
names and passwords are able to use the switch to access the network.
This port security method uses the RADIUS authentication protocol. The 
AT-S60 software comes with RADIUS client software. If you have already 
read Chapter 27, TACACS+ and RADIUS Protocols on page 540, then you 
know that you can also use the RADIUS client software on the switch, 
along with a RADIUS server on your network, to create new manager 
accounts that control who can manage and change the AT-S60 
parameters on the switch.
Note
RADIUS with Extensible Authentication Protocol (EAP) extensions is 
the only supported authentication server for this feature. The port-
based access control feature is not supported with the TACACS+ 
authentication protocol. The switch can support only one 
authentication protocol at a time. Consequently, to implement IEEE 
802.1x port-based access control as explained in this chapter, and 
create new manager accounts as explained in Chapter 27, you must 
use the RADIUS protocol.
Here are a few terms to keep in mind when using this feature.
❑ Supplicant - A supplicant is an end user or end node that wants to
access the network through a port. A supplicant is also referred to 
as a client.
❑ Authenticator - The authenticator is a port on the switch that
prohibits network access by a supplicant until the network user 
has entered a valid username and password.
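
The gating behavior described in this overview, as an added Python sketch that is not part of the AT-S60 manual or software: the authenticator port passes no traffic from or to the supplicant until a logon has been validated. EtherType 0x888E is the IEEE 802.1X value for authentication frames; the class and function names, the sample account and the link-loss reset are assumptions, and the RADIUS/EAP exchange is reduced to a callback.

```python
from dataclasses import dataclass, field
from typing import Callable

ETHERTYPE_EAPOL = 0x888E  # EAP over LAN (IEEE 802.1X authentication frames)

@dataclass
class Frame:
    ethertype: int
    payload: dict = field(default_factory=dict)

@dataclass
class AuthenticatorPort:
    # Stand-in for the switch's RADIUS client plus the RADIUS server (simplified).
    radius_validate: Callable[[str, str], bool]
    authorized: bool = False

    def from_supplicant(self, frame: Frame) -> bool:
        """Return True if the frame is forwarded into the network."""
        if frame.ethertype == ETHERTYPE_EAPOL:
            self._handle_eapol(frame.payload)
            return False  # authentication traffic is consumed by the port
        return self.authorized

    def to_supplicant(self, frame: Frame) -> bool:
        """Return True if network traffic is delivered to the end node."""
        return self.authorized

    def _handle_eapol(self, p: dict) -> None:
        # A rejected logon also revokes any earlier authorization on the port.
        if p.get("type") == "credentials":
            self.authorized = self.radius_validate(p.get("user", ""), p.get("password", ""))

    def link_down(self) -> None:
        # Assumption (standard 802.1X behaviour): losing link ends the session.
        self.authorized = False

def demo() -> list:
    users = {"alice": "correct-horse"}  # constructed sample account
    port = AuthenticatorPort(lambda u, p: users.get(u) == p)
    data = Frame(0x0800)  # ordinary IPv4 traffic from the end node
    logon = lambda pw: Frame(ETHERTYPE_EAPOL, {"type": "credentials", "user": "alice", "password": pw})
    out = [port.from_supplicant(data)]          # before logon: dropped
    port.from_supplicant(logon("wrong"))
    out.append(port.from_supplicant(data))      # rejected logon: still dropped
    port.from_supplicant(logon("correct-horse"))
    out.append(port.from_supplicant(data))      # accepted logon: forwarded
    port.link_down()
    out.append(port.to_supplicant(data))        # after link loss: blocked again
    return out
```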
