NETGEAR M4350-24F4V 24-Port 10G SFP+ Managed AV Network Switch User Manual
Page 921
allows the operation of a switch’s ports to be controlled to ensure that access to its
services is permitted only by systems that are authorized to do so.
Port access control provides a means of preventing unauthorized access by supplicants
to the services offered by a system. Control over the access to a switch and the LAN to
which it is connected can be desirable if you restrict access to publicly accessible bridge
ports or departmental LANs.
Access control is achieved by enforcing authentication of supplicants that are attached
to an authenticator's controlled ports. The result of the authentication process determines
whether the supplicant is authorized to access services on that controlled port.
A Port Access Entity (PAE) is able to adopt one of two distinct roles within an access
control interaction:
1. Authenticator: A port that enforces authentication before allowing access to services
available through that port.
2. Supplicant: A port that attempts to access services offered by the authenticator.
In addition, an authentication server is required. This is a device that performs the
authentication function necessary to check the credentials of the supplicant on behalf
of the authenticator. To complete an authentication exchange, an authenticator,
supplicant, and authentication server are required.
The switch support the authenticator role only, in which the PAE is responsible for
communicating with the supplicant. The authenticator PAE is also responsible for
submitting the information received from the supplicant to the authentication server
for the credentials to be checked, which determines the authorization state of the port.
The authenticator PAE controls the authorized/unauthorized state of the controlled port
depending on the outcome of the RADIUS-based authentication process.
Main User Manual
921
Configuration Examples
Fully Managed Switches M4350 Series Main User Manual