beautypg.com

Port roles, General steps, Port roles general steps – Allied Telesis AT-S39 User Manual

Page 205

background image

AT-S39 User’s Guide

205

Port Roles

Part of the task to implementing this feature is specifying the roles of the
ports on the switch. A port can have one of two roles:

❑ None

❑ Authenticator

None Role

A port in the none role does not participate in port-based access control.
Any device can connect to the port and send traffic through it and
receive traffic from it without having to provide a username and
password. This is the default setting for a port.

You would set a port to this role if you did not want its client to have to
log on to use the network. This also happens to be the correct role for a
port that’s connected to an authentication server. Since an
authentication server cannot authenticate itself, the port to which it is
connected must be set to this role.

Authenticator Role

Placing a port in the authenticator role activates port access control on
the port. A port in the role of authenticator will not forward network
traffic to or from the end node until the client has entered a username
and password and the authentication server has validated them.

Determining whether a port should be set to the authenticator role is
straightforward. If you want the user of the end node connected to the
port to log in before using the network, then you should set the port to
the authenticator role.

As mentioned earlier, the switch itself does not authenticate the user
names and passwords from the clients. That is the responsibility of the
authentication server, which contains the RADIUS server software.
Instead, a switch simply acts as an intermediary for the authentication
server by denying access to the network by the client until the client has
provided a valid username and password, which the authentication
server validates.

General Steps

Here are the general steps to implementing 802.1x Port-based Access
Control and RADIUS accounting on the switch:

1. You must install RADIUS server software on one or more of your

network servers or management stations. Authentication protocol
server software is not available from Allied Telesyn. Funk Software
Steel-Belted Radius and Free Radius have been verified as fully
compatible with the AT-S39 management software.

See also other documents in the category Allied Telesis Computer hardware: