Allied Telesis AT-S63 User Manual


Chapter 23: 802.1x Port-based Network Access Control Commands

Section VIII: Port Security

Description

This command sets ports to the authenticator role and configures the
authenticator role parameters. This command also removes port-based
access control from a port.

Examples

The following command sets ports 1.4 to 1.6 to the authenticator role. The
authentication method is set to 802.1x, meaning that the supplicants must
have 802.1x client software and provide a username and password, either
automatically or manually, when logging on and during reauthentications.
The operating mode is set to Single and the piggy back mode to disabled.
With these settings, only one supplicant can use each port. After a
supplicant logs on, access by any other client to the same port is denied:

set portaccess=8021x port=1.4-1.6 role=authenticator mode=single piggyback=disabled

The next command is identical to the previous example, except the
authentication method is set to MAC address-based, meaning the
authenticator ports use the MAC addresses of the supplicants as the
usernames and passwords. With MAC address-based authentication, an
authenticator port automatically extracts the MAC address from the initial
frames received from a supplicant and sends it to the RADIUS server. The
supplicants do not need 802.1x client software. Again, as in the previous
example, since the operating mode is Single and the piggy back mode is
disabled, only one supplicant can use each port.

set portaccess=macbased port=1.4-1.6 role=authenticator mode=single piggyback=disabled

Note

The remaining examples are limited to the 802.1x authentication
method, but apply equally to the MAC address-based authentication
method.

The following command sets port 2.12 to the authenticator role and the
operating mode to Single. Unlike the previous example, the piggy back
mode is enabled here. This feature is useful when authenticator ports
support multiple clients and you do not want to give all of the
supplicants separate username and password combinations on the RADIUS
server. When piggy back is enabled on an authenticator port, only one
client has to log on for all of the clients to use the port:

set portaccess=8021x port=2.12 role=authenticator mode=single piggyback=enabled
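
The following Python script is an added example, not part of the Allied Telesis manual. It reads a saved list of set portaccess commands and reports, per port, which of the settings described above are in effect: MAC address-based authentication and piggy back mode. The function names, the sample input, and the rule that a later command for a port replaces an earlier one are assumptions made for this example.

```python
import re

# Constructed input: the three commands from this page, one per line.
SAMPLE_CONFIG = """\
set portaccess=8021x port=1.4-1.6 role=authenticator mode=single piggyback=disabled
set portaccess=macbased port=1.4-1.6 role=authenticator mode=single piggyback=disabled
set portaccess=8021x port=2.12 role=authenticator mode=single piggyback=enabled
"""

def expand_ports(spec):
    """Expand 'module.port' or 'module.port-module.port' (the forms shown above)."""
    m = re.fullmatch(r"(\d+)\.(\d+)(?:-(\d+)\.(\d+))?", spec)
    if not m:
        raise ValueError(f"unrecognised port spec: {spec!r}")
    module, first = m.group(1), int(m.group(2))
    last = int(m.group(4)) if m.group(4) else first
    if m.group(3) not in (None, module) or last < first:
        raise ValueError(f"range must stay within one module: {spec!r}")
    return [f"{module}.{n}" for n in range(first, last + 1)]

def parse_command(line):
    """Return the key=value pairs of a 'set portaccess=...' line, else None."""
    tokens = line.lower().split()
    if len(tokens) < 2 or tokens[0] != "set" or not tokens[1].startswith("portaccess="):
        return None
    return dict(t.split("=", 1) for t in tokens[1:] if "=" in t)

def audit(config_text):
    """Map each authenticator port to review notes drawn from its final settings."""
    state = {}
    for line in config_text.splitlines():
        kv = parse_command(line)
        if kv is None or "port" not in kv or "role" not in kv:
            continue
        for port in expand_ports(kv["port"]):
            if kv["role"] == "authenticator":
                state[port] = kv       # assumption: the latest command for a port wins
            else:
                state.pop(port, None)  # port is no longer an authenticator
    report = {}
    for port, kv in state.items():
        notes = []
        if kv["portaccess"] == "macbased":
            notes.append("MAC address is the only credential")
        if kv.get("piggyback") == "enabled":
            notes.append("one logon admits every client on the port")
        report[port] = notes
    return report

if __name__ == "__main__":
    for port, notes in audit(SAMPLE_CONFIG).items():
        print(port, "; ".join(notes) or "no notes")
```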
