Port roles – Allied Telesis AT-S62 User Manual

Chapter 24: 802.1x Port-based Access Control

Section VI: Port Security

466

Port Roles

Part of the task to implementing this feature is specifying the roles of the
ports on the switch. A port can have one of three roles:

❑ None

❑ Authenticator

❑ Supplicant

None Role

A port in the none role does not participate in port-based access control.
Any device can connect to the port and send traffic through it and
receive traffic from it without having to provide a username and
password. This is the default setting for a port.

You set a port to this role if you do not want the user or end node to
have to log on to use the network. This also happens to be the correct
role for a port that’s connected to an authentication server. Since an
authentication server cannot authenticate itself, the port to which it is
connected must be set to this role.

Authenticator Role

Placing a port in the authenticator role activates port access control on
the port. A port in the role of authenticator will not forward network
traffic to or from the end node until the client has entered a username
and password that the authentication server has validated.

Determining whether a port should be set to the authenticator role is
straightforward. If you want the user of the end node connected to the
port to log in before using the network, then you should set the port to
the authenticator role.

Figure 153 illustrates this concept. Port 2 on the switch has been set to
the authenticator role because it is connected to an end node with
802.1x client software. The end user at the workstation must log on to
use the network.