802.1x Port-based Access Control Overview – Allied Telesis AT-S39 User Manual
Page 203
AT-S39 User’s Guide
802.1x Port-based Access Control Overview
The AT-S39 management software has several different methods for
protecting your network and its resources from unauthorized access. For
instance, Chapter 6, Port Security on page 76, explains how you can
restrict network access by having the switch accept or discard packets
based on source MAC addresses.
This chapter explains yet another way. This method is referred to as port-based
access control (IEEE 802.1x). It uses the RADIUS protocol to control
who can send traffic through and receive traffic from a port. With this
feature, the switch will not allow an end node to send or receive traffic
through a port until the user of the node has logged on by entering a
username and password that the RADIUS server must validate.
The benefit to this type of network security is obvious. This feature can
prevent an unauthorized individual from connecting a computer to a
port or using an unattended workstation to access your network
resources. Only those users to whom you have assigned valid usernames
and passwords will be able to use the switch to access the network.
This port security method uses the RADIUS authentication protocol. The
AT-S39 software comes with RADIUS client software. If you have already
read Chapter 17, TACACS+ and RADIUS Protocols on page 192, then
you know that you can also use the RADIUS client software on the
switch, along with a RADIUS server on your network, to create new
manager accounts that control who can manage and change the AT-S39
parameters on the switch.
Note
RADIUS with Extensible Authentication Protocol (EAP) extensions is
the only supported authentication server for this feature. This
feature is not supported with the TACACS+ authentication protocol.
Since the switch can support only one authentication protocol at a
time, you must use the RADIUS protocol if you want a switch to
support both the IEEE 802.1x port access control feature, as explained
in this chapter, and new manager accounts, as explained in Chapter
17, TACACS+ and RADIUS Protocols on page 192.
Here are a few terms to keep in mind when using this feature.
❑ Supplicant - A supplicant is an end user or end node that wants to
access the network through a port. A supplicant is also referred to
as a client.
❑ Authenticator - The authenticator is a port on the switch that
prohibits network access by a supplicant until the network user
has entered a valid username and password.
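The following Python model is an added illustration of the three roles just defined (supplicant, authenticator and RADIUS/EAP authentication server) and of the behaviour described at the start of this chapter: a port discards data frames in both directions until the server has validated the user's username and password. It is not AT-S39 code and does not implement the real EAP or RADIUS wire formats; the class names, MAC addresses, the `alice` account and its password are all constructed for the demonstration.

```python
"""Toy model of IEEE 802.1x port-based access control (constructed example)."""
import hashlib
import hmac
from dataclasses import dataclass, field


@dataclass
class Frame:
    src_mac: str
    kind: str                     # "EAPOL" (authentication traffic) or "DATA"
    payload: dict = field(default_factory=dict)


class RadiusServer:
    """Stand-in for the RADIUS server with EAP extensions.
    Stores salted PBKDF2 hashes, never plaintext passwords (constructed table)."""
    ITERATIONS = 50_000

    def __init__(self, users):
        self._users = {}
        for name, password in users.items():
            salt = hashlib.sha256(b"demo-salt:" + name.encode()).digest()[:16]
            self._users[name] = (salt, self._derive(password, salt))

    @classmethod
    def _derive(cls, password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, cls.ITERATIONS)

    def access_request(self, username, password):
        """Return the reply code for an Access-Request."""
        record = self._users.get(username)
        if record is None:
            self._derive(password, b"\x00" * 16)   # same cost for unknown users
            return "Access-Reject"
        salt, stored = record
        ok = hmac.compare_digest(self._derive(password, salt), stored)
        return "Access-Accept" if ok else "Access-Reject"


class AuthenticatorPort:
    """One switch port acting as authenticator: only EAPOL passes while the
    port is unauthorized; data in either direction is discarded until the
    server answers Access-Accept for the attached supplicant."""

    def __init__(self, port_id, radius):
        self.port_id = port_id
        self.radius = radius
        self.authorized_mac = None    # MAC of the authenticated supplicant
        self.events = []              # audit trail a defender would log

    @property
    def authorized(self):
        return self.authorized_mac is not None

    def ingress(self, frame):
        """Frame arriving from the attached node."""
        if frame.kind == "EAPOL":
            return self._handle_eapol(frame)
        if self.authorized and frame.src_mac == self.authorized_mac:
            return "forwarded"
        self.events.append(("discard-ingress", frame.src_mac))
        return "discarded"

    def egress(self, frame):
        """Frame from the network destined for the attached node."""
        return "delivered" if self.authorized else "discarded"

    def _handle_eapol(self, frame):
        p = frame.payload
        if p.get("type") == "logoff":
            self.authorized_mac = None
            self.events.append(("logoff", frame.src_mac))
            return "unauthorized"
        reply = self.radius.access_request(p.get("username", ""), p.get("password", ""))
        self.events.append((reply, p.get("username"), frame.src_mac))
        self.authorized_mac = frame.src_mac if reply == "Access-Accept" else None
        return "authorized" if self.authorized else "unauthorized"


class Supplicant:
    """End node (client) attached to the port."""
    def __init__(self, mac):
        self.mac = mac

    def logon(self, username, password):
        return Frame(self.mac, "EAPOL", {"type": "logon", "username": username, "password": password})

    def logoff(self):
        return Frame(self.mac, "EAPOL", {"type": "logoff"})

    def data(self):
        return Frame(self.mac, "DATA", {"body": "hello"})


def run_demo():
    """Walk one supplicant through a port; returns the observed outcomes."""
    server = RadiusServer({"alice": "correct horse"})       # constructed account
    port = AuthenticatorPort("port1", server)
    node = Supplicant("00:11:22:33:44:55")
    other = Supplicant("66:77:88:99:aa:bb")                 # second, unauthenticated node
    inbound = Frame("aa:bb:cc:dd:ee:ff", "DATA")            # traffic from the network
    return [
        port.ingress(node.data()),                          # before logon: discarded
        port.egress(inbound),                               # toward node: discarded
        port.ingress(node.logon("alice", "wrong")),         # bad password: unauthorized
        port.ingress(node.data()),                          # still discarded
        port.ingress(node.logon("alice", "correct horse")), # authorized
        port.ingress(node.data()),                          # forwarded
        port.egress(inbound),                               # delivered
        port.ingress(other.data()),                         # other MAC: discarded
        port.ingress(node.logoff()),                        # unauthorized again
        port.ingress(node.data()),                          # discarded
    ]


if __name__ == "__main__":
    print(run_demo())
```

Two points the model makes visible that the prose leaves implicit: the port tracks which node authenticated, so a second device on the same port does not inherit the first user's access, and a logoff returns the port to the unauthorized state. In a real deployment the username and password never travel in a plain EAPOL payload as they do here; EAP methods such as EAP-TLS or PEAP carry the credentials inside an authenticated tunnel, and the RADIUS server, not the switch, decides the outcome.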