1x port-based network access control, The 802.1x implementation, Configuration example – Allied Telesis AT-S60 User Manual

Page 407: The 802.1x implementation configuration example

background image

Chapter 25: 802.1x Port-Based Access Control

Section III: Security Features

406

802.1x Port-Based Network Access Control

The IEEE 802.1x standard provides a method of restricting access to
networks based on authentication information. The 802.1x standard
provides port-based network access control for devices connected to
the Ethernet. This functionality allows a network controller to restrict
external devices from gaining access to the network behind a 802.1x
controlled port. External devices that wish to access services via a port
under 802.1x control must firstly authenticate themselves and gain
authorization before any packets originating from, or destined for, the
external device are allowed to pass through the 802.1x controlled port.

The 802.1x

Implementation

Port access control is achieved by making devices attached to a
controlled port authenticate themselves via communication with an
authentication server before these devices are allowed to access the
network behind the controlled port.

Authentication is required on a per-port basis.

The three main components of an 802.1x implementation are:

❑ the authenticator - the port on an AT-8400 switch that enforces

authentication before allowing access to services that are
accessible behind it.

❑ the supplicant - the port on a system that accesses services

offered by the authenticator’s system.

❑ the authentication server - a device that uses the authentication

credentials supplied by the supplicant, via the authenticator, to
determine if the authenticator should grant access to its services.

The AT-8400 switch supports the following port roles under 802.1x
control:

❑ supplicant

❑ authenticator

Configuration

Example

A supplicant configuration with 802.1x functionality is shown in Figure
141 on page 407. In this example, a person logged into PC A wants to
use services offered by servers on the LAN behind the switch acting as
an authenticator. PC A is connected to a port on the switch that has
802.1x control enabled. Therefore, PC A’s own port acts in a supplicant
role. Message exchanges take place between the supplicant and the
authenticator. The authenticator passes the supplicant’s credentials to

See also other documents in the category Allied Telesis Computer hardware: