Port-based access control guidelines – Allied Telesis AT-S39 User Manual

Section II: Local and Telnet Management

Note

This feature is not supported with the TACACS+ authentication
protocol.

2. You need to install 802.1x client software on those workstations that are to be supplicants. Microsoft WinXP client software and Meeting House Aegis client software have been verified as fully compatible with the AT-S39 management software.

3. You must configure and activate the RADIUS client software in the AT-S39 management software. The default setting for the authentication protocol is disabled. You will need to provide the following information:

❑ The IP addresses of up to three RADIUS servers.

❑ The encryption keys used by the authentication servers.

The instructions for this step are in Configuring the Authentication Client Software on page 196.

4. You must configure the port access control settings on the switch. This involves the following:

❑ Specifying the port roles.

❑ Configuring 802.1x port parameters.

❑ Enabling 802.1x port access control.

The instructions for this step are found in this chapter.

Port-based Access Control Guidelines

Here are the guidelines for using this feature:

❑ Ports operating under port-based access control do not support port trunking or dynamic MAC address learning.

❑ The appropriate port role for a port on a switch connected to an authentication server is None.

❑ The verification process between a supplicant and the authentication server does not allow for tagged packets. Consequently, each VLAN that contains clients must have a separate authentication server and the server must be connected to a port that is an untagged member of the VLAN in which the supplicants are members.

❑ Allied Telesyn does not recommend connecting more than one supplicant to an authenticator port on the switch.
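
The guidelines above can be checked against a planned port layout before it is entered through the management menus. The following is an added example, not part of the AT-S39 manual or software; the dictionary layout, role strings and sample addresses are assumptions made for illustration.

```python
# Added example: lint a planned 802.1x layout against the guidelines above.
# The dict keys and role strings are a hypothetical model, not AT-S39 syntax.
MAX_RADIUS_SERVERS = 3  # "up to three RADIUS servers"

def check_plan(plan):
    """Return a list of guideline violations found in the plan."""
    problems = []
    count = len(plan["radius_servers"])
    if not 1 <= count <= MAX_RADIUS_SERVERS:
        problems.append(f"{count} RADIUS servers; expected 1 to {MAX_RADIUS_SERVERS}")
    ports = plan["ports"]
    for num, port in sorted(ports.items()):
        if port["role"] == "authenticator":
            if port.get("trunk"):
                problems.append(f"port {num}: access-controlled port is in trunk {port['trunk']}")
            if len(port.get("supplicants", [])) > 1:
                problems.append(f"port {num}: more than one supplicant (not recommended)")
        if port.get("radius_server") and port["role"] != "none":
            problems.append(f"port {num}: port facing an authentication server needs role None")
    # Authentication does not cross tagged links, so every VLAN that holds
    # supplicants needs a server on a port that is an untagged member of it.
    client_vlans = {p["untagged_vlan"] for p in ports.values() if p["role"] == "authenticator"}
    server_vlans = {p["untagged_vlan"] for p in ports.values() if p.get("radius_server")}
    for vlan in sorted(client_vlans - server_vlans):
        problems.append(f"VLAN {vlan}: no authentication server on an untagged member port")
    return problems

# Constructed sample plan (addresses are from the documentation range).
SAMPLE_PLAN = {
    "radius_servers": ["192.0.2.10"],
    "ports": {
        1: {"role": "none", "untagged_vlan": 10, "radius_server": "192.0.2.10"},
        2: {"role": "authenticator", "untagged_vlan": 10, "supplicants": ["pc-a"]},
        3: {"role": "authenticator", "untagged_vlan": 20,
            "supplicants": ["pc-b", "pc-c"], "trunk": "T1"},
    },
}

if __name__ == "__main__":
    for line in check_plan(SAMPLE_PLAN):
        print(line)
```
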
