Allied Telesis AT-S63 User Manual


AT-S63 Stack Command Line User’s Guide

Section VIII: Port Security


The following command sets port 4.22 to the authenticator role and the
operating mode to Multiple. This configuration is also appropriate where
there is more than one supplicant on a port. However, an authenticator
port in Multiple mode requires that every supplicant have its own username
and password combination on the RADIUS server and log on before using
the authenticator port on the switch:

set portaccess=8021x port=4.22 role=authenticator mode=multi

The following command assigns the Guest VLAN “Product_show” to
authenticator ports 3.5 and 4.12. The ports function as untagged members
of the VLAN and allow any network user access to the VLAN without
logging on. However, if a port starts to receive EAPOL packets, it
assumes that a supplicant is initiating a logon and changes to the
unauthorized state. After the logon is completed, the port moves to its
predefined VLAN:

set portaccess=8021x port=3.5,4.12 role=authenticator guestvlan=product_show

The following command configures port 2.15 as an authenticator port. This
example assumes that the user accounts on the RADIUS server have
VLAN assignments. With the VLANASSIGNMENT parameter set to
enabled, the port processes the VLAN assignments it receives from the
RADIUS server. Had this parameter been disabled, the port would ignore
the VLAN assignments and leave the port in its predefined VLAN
assignment. The VLAN assignment of the port is determined by the initial
log on by a client. With the SECUREVLAN parameter set to enabled, only
those subsequent supplicants having the same VLAN assignment as the
initial supplicant are allowed to use the port:

set portaccess=8021x port=2.15 role=authenticator mode=multi vlanassignment=enabled securevlan=on

The following command sets port 1.7 to the authenticator role, the quiet
period on the port to 30 seconds, and the server timeout period to 200
seconds:

set portaccess=8021x port=1.7 role=authenticator quietperiod=30 servtimeout=200

The following command configures authenticator port 3.11 to the multiple
operating mode:

set portaccess=8021x port=3.11 role=authenticator mode=multi

The following command configures authenticator port 5.17 to the single
operating mode and disables piggy backing:

set portaccess=8021x port=5.17 role=authenticator mode=single piggyback=disabled
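The script below is an added example, not part of the Allied Telesis guide. It parses saved SET PORTACCESS=8021X lines and lists the authenticator ports whose settings touch the two behaviors described above: a Guest VLAN that is reachable without logging on, and RADIUS VLAN assignment in Multiple mode without SECUREVLAN on the same line. The function names and the one-command-per-line input format are assumptions, and the switch's default for any parameter not on the line is not known here.

```python
# Added example: review saved "set portaccess=8021x" lines (constructed input).
SAMPLE = """\
set portaccess=8021x port=4.22 role=authenticator mode=multi
set portaccess=8021x port=3.5,4.12 role=authenticator guestvlan=product_show
set portaccess=8021x port=2.15 role=authenticator mode=multi vlanassignment=enabled securevlan=on
set portaccess=8021x port=5.17 role=authenticator mode=single piggyback=disabled
"""


def parse(text):
    """Return {port: {parameter: value}} for each 802.1x port-access line."""
    ports = {}
    for line in text.splitlines():
        words = line.split()
        if len(words) < 2 or words[0].lower() != "set":
            continue
        params = {}
        for word in words[1:]:
            key, sep, value = word.partition("=")
            if sep:
                params[key.lower()] = value
        if params.get("portaccess", "").lower() != "8021x" or "port" not in params:
            continue
        # port=3.5,4.12 applies the same parameters to each listed port.
        for port in params.pop("port").split(","):
            ports.setdefault(port, {}).update(params)
    return ports


def review(ports):
    """Return (port, note) pairs for settings a reviewer should confirm."""
    notes = []
    for port, p in sorted(ports.items()):
        if p.get("role", "").lower() != "authenticator":
            continue
        if "guestvlan" in p:
            notes.append((port, "guest VLAN %s is usable without logon" % p["guestvlan"]))
        multi = p.get("mode", "").lower() == "multi"
        assigned = p.get("vlanassignment", "").lower() == "enabled"
        # The page writes the value both as "enabled" (text) and "on" (command).
        secure = p.get("securevlan", "").lower() in ("on", "enabled")
        if multi and assigned and not secure:
            notes.append((port, "securevlan not set on this line; confirm on switch"))
    return notes


if __name__ == "__main__":
    for port, note in review(parse(SAMPLE)):
        print(port, note)
```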
