Port-based access control guidelines – Allied Telesis AT-S62 User Manual

Chapter 24: 802.1x Port-based Access Control

Section VI: Port Security

470

3. You must configure the RADIUS client software in the AT-S62

management software. You will need to provide the following
information:

❑ The IP addresses of up to three RADIUS servers.

❑ The encryption key used by the authentication servers.

The instructions for this step are in Configuring Authentication
Protocol Settings on page 557.

4. You must configure the port access control settings on the switch.

This involves the following:

❑ Specifying the port roles.

❑ Configuring 802.1x port parameters.

❑ Enabling 802.1x port access control.

The instructions for this step are found in this chapter.

5. Finally, if you want to use RADIUS accounting to monitor the

supplicants connected to the ports, you must configure the service
on the switch, as explained in Configuring RADIUS Accounting on
page 483.

Port-based

Access Control

Guidelines

Here are the guidelines to using this feature:

❑ Ports operating under port-based access control do not support

port trunking or dynamic MAC address learning.

❑ The appropriate port role for a port on an AT-8524M switch

connected to an authentication server is None.

❑ The verification process between a supplicant and the

authentication server does not allow for tagged packets.
Consequently, each VLAN that contains clients must have a
separate authentication server and the server must be connected
to a port that is an untagged member of the VLAN in which the
supplicants are members.

❑ If a switch port set to the supplicant role is connected to a port on

another switch that is not set to authenticator, the port, after a
timeout period, will assume that it can send traffic without having
to log on.

❑ Allied Telesyn does not recommend connecting more than one

supplicant to an authenticator port on the switch.