Overview – Allied Telesis AT-S101 User Manual

Page 158

Chapter 14: 802.1x Port-based Network Access Control

Overview

802.1x Port-based Network Access Control (IEEE 802.1x) is used to
control who can send traffic through and receive traffic from a switch port.
With this feature, the switch does not allow an end node to send or receive
traffic through a port until the user of the node logs on by entering a
username and password.

This feature can prevent an unauthorized individual from connecting a
computer to a port or using an unattended workstation to access your
network resources. Only those users to whom you have assigned a
username and password are able to use the switch to access the network.

This feature must be used with the RADIUS authentication protocol and
requires that there is a RADIUS server on your network. The RADIUS
server performs the authentication of the username and password
combinations.

Note

RADIUS with Extensible Authentication Protocol (EAP) extensions
is the only supported authentication server for this feature.

Following are several terms to keep in mind when using this feature.

• Supplicant - A supplicant is an end user or end node that wants to
  access the network through a switch port. A supplicant is also referred
  to as a client.

• Authenticator - The authenticator is a port on the switch that prohibits
  network access by a supplicant until the network user has entered a
  valid username and password.

• Authentication server - The authentication server is the network device
  that has the RADIUS server software installed. This is the device that
  does the actual authenticating of the user names and passwords from
  the supplicants.

The AT-GS950/8POE switch does not authenticate the usernames and
passwords from the end users. Rather, the switch acts as an intermediary
between a supplicant and the authentication server during the
authentication process.
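
The intermediary role described above, as an added example (not from the manual and not Allied Telesis code): the authenticator lifts the EAP packet out of a supplicant's EAPOL frame and forwards it unchanged inside a RADIUS Access-Request. It assumes the EAP-over-RADIUS encapsulation of RFC 3579 (EAP-Message and Message-Authenticator attributes); the function names, sample frame and shared secret are constructed for illustration.

```python
import hashlib
import hmac
import os
import struct

EAPOL_EAP_PACKET = 0  # EAPOL packet type that carries an EAP packet
EAP_RESPONSE, EAP_TYPE_IDENTITY = 2, 1
ATTR_USER_NAME, ATTR_EAP_MESSAGE, ATTR_MESSAGE_AUTH = 1, 79, 80

# Constructed sample: EAPOL frame with EAP-Response/Identity for the user "alice".
SAMPLE_EAP = struct.pack("!BBHB", EAP_RESPONSE, 1, 10, EAP_TYPE_IDENTITY) + b"alice"
SAMPLE_FRAME = struct.pack("!BBH", 1, EAPOL_EAP_PACKET, len(SAMPLE_EAP)) + SAMPLE_EAP


def parse_eapol(frame):
    """Return the EAP packet inside an EAPOL frame (Ethernet header already removed)."""
    if len(frame) < 8:
        raise ValueError("too short for EAPOL + EAP headers")
    _version, ptype, body_len = struct.unpack("!BBH", frame[:4])
    if ptype != EAPOL_EAP_PACKET:
        raise ValueError("not an EAP-Packet frame")
    eap_len = struct.unpack("!H", frame[6:8])[0]
    if not 4 <= eap_len <= body_len <= len(frame) - 4:
        raise ValueError("inconsistent length fields")
    return frame[4:4 + eap_len]


def attr(atype, value):
    return struct.pack("!BB", atype, len(value) + 2) + value


def relay_to_radius(frame, secret, ident, req_auth=None):
    """Access-Request the authenticator sends for one supplicant EAP response."""
    eap = parse_eapol(frame)
    attrs = b""
    if eap[0] == EAP_RESPONSE and len(eap) > 5 and eap[4] == EAP_TYPE_IDENTITY:
        attrs += attr(ATTR_USER_NAME, eap[5:])  # identity is copied, not checked
    for i in range(0, len(eap), 253):  # one attribute value holds at most 253 bytes
        attrs += attr(ATTR_EAP_MESSAGE, eap[i:i + 253])
    attrs += attr(ATTR_MESSAGE_AUTH, bytes(16))  # zero placeholder for the HMAC
    req_auth = req_auth or os.urandom(16)
    header = struct.pack("!BBH", 1, ident, 20 + len(attrs)) + req_auth  # 1 = Access-Request
    mac = hmac.new(secret, header + attrs, hashlib.md5).digest()
    return header + attrs[:-16] + mac


def verify_message_authenticator(packet, secret):
    """Server-side check; assumes Message-Authenticator is the last attribute."""
    zeroed = packet[:-16] + bytes(16)
    return hmac.compare_digest(hmac.new(secret, zeroed, hashlib.md5).digest(), packet[-16:])
```

The switch-side code never evaluates the credentials: it copies the EAP bytes and signs the RADIUS packet with the shared secret, so the accept or reject decision stays with the authentication server.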
