
802.1x Port-based Access Control Overview – Allied Telesis AT-S62 User Manual

Page 464


Chapter 24: 802.1x Port-based Access Control

Section VI: Port Security


802.1x Port-based Access Control Overview

The AT-S62 management software provides you with several different
methods for protecting your network and its resources from
unauthorized access. For instance, Chapter 23, MAC Address Security on
page 454, explains how you can restrict network access based on the
MAC addresses of the end nodes in your network.

This chapter explains yet another way. This method is referred to as
port-based access control (IEEE 802.1x). It uses the RADIUS authentication
protocol to control who can send traffic through and receive traffic from
a switch port. With this feature, the switch will not allow an end node to
send or receive traffic through a port until the user of the node has
logged on by entering a username and password that the RADIUS server
validates.

The benefit to this type of network security is obvious. Only those users
to whom you have assigned valid usernames and passwords will be able
to use the switch to access the network. This can prevent an
unauthorized individual from connecting a computer to a port or using
an unattended workstation to access your network resources.

This port security method uses the RADIUS authentication protocol. The
AT-S62 software comes with RADIUS client software. If you have already
read Chapter 29, RADIUS and TACACS+ Authentication Protocols on
page 552, then you know that you can also use the RADIUS client
software on the switch, along with a RADIUS server on your network, to
create new manager accounts that control who can manage and change
the AT-S62 parameters on the switch.

Note

RADIUS with Extensible Authentication Protocol (EAP) extensions is
the only supported authentication server for this feature. This
feature is not supported with the TACACS+ authentication protocol.
Since the switch can support only one authentication protocol at a
time, you must use the RADIUS protocol if you want to implement
IEEE 802.1x port access control as explained in this chapter, and
create new manager accounts as explained in Chapter 29.

Here are a few terms to keep in mind when using this feature.

❑ Supplicant - A supplicant is an end user or end node that wants to
access the network through a port. A supplicant is also referred to
as a client.

❑ Authenticator - The authenticator is a port on the switch that
prohibits network access by a supplicant until the network user
has entered a valid username and password.
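
The gating behaviour described in this overview, modelled as an added example (not code from the AT-S62 software or the manual). The class and function names, the stub RADIUS check and the sample credentials are assumptions; the EAP logon exchange is collapsed into a single `logon` call, and the reset on link-down is standard 802.1X behaviour rather than something this page states.

```python
import hmac
import struct

ETHERTYPE_EAPOL = 0x888E  # EtherType of 802.1X authentication frames (EAP over LAN)

def ethertype(frame: bytes) -> int:
    """Return the EtherType of an untagged Ethernet II frame."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    return struct.unpack("!H", frame[12:14])[0]

class StubRadius:
    """Constructed stand-in for the RADIUS server's username/password check."""
    def __init__(self, users: dict):
        self._users = users

    def validate(self, username: str, password: str) -> bool:
        stored = self._users.get(username)
        return stored is not None and hmac.compare_digest(
            stored.encode(), password.encode())

class AuthenticatorPort:
    """One switch port acting as authenticator for the attached supplicant."""
    def __init__(self, radius: StubRadius):
        self.radius = radius
        self.authorized = False  # every port starts closed

    def logon(self, username: str, password: str) -> bool:
        # Hypothetical shortcut: the whole EAP exchange reduced to one call.
        self.authorized = self.radius.validate(username, password)
        return self.authorized

    def link_down(self) -> None:
        # Cable unplugged: the next node attached must log on again.
        self.authorized = False

    def handle(self, frame: bytes) -> str:
        """Decide what happens to a frame sent or received on this port."""
        try:
            etype = ethertype(frame)
        except ValueError:
            return "drop"
        if etype == ETHERTYPE_EAPOL:
            return "to-authenticator"  # the logon exchange is always allowed
        return "forward" if self.authorized else "drop"

def make_frame(etype: int, payload: bytes = b"") -> bytes:
    """Build a constructed sample frame with placeholder MAC addresses."""
    return bytes(6) + bytes.fromhex("020000000001") + struct.pack("!H", etype) + payload
```
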