Allied Telesis AT-S63 User Manual

AT-S63 Management Software Web Browser Interface User’s Guide

Section VI: Port Security

405

Supplicant Mode
This parameter sets the supplicant mode of an authenticator port and
can take the following values:

ˆ

Single: Configures the port to accept only one authentication. This
authenticator mode should be used together with the piggy-back
mode. When an authenticator port is set to the Single mode and
the piggy-back mode is disabled, only the one client who is
authenticated can use the port. Packets from or to other clients on
the port are discarded. If piggy-back mode is enabled, other clients
can piggy-back onto another client’s authentication and so be able
to use the port.

ˆ

Multiple: Configures the port to accept up to 20 authentications.
Every client using an authenticator port in this mode must have a
username and password combination.

Port Control
The possible settings are:

Auto - Activates 802.1x port-based authentication and causes the port
to begin in the unauthorized state, allowing only EAPOL frames to be
sent and received through the port. The authentication process begins
when the link state of the port changes or the port receives an EAPOL-
Start packet from a supplicant. The switch requests the identity of the
client and begins relaying authentication messages between the client
and the authentication server. This is the default setting.

Force-authorized - Disables IEEE 802.1X port-based authentication
and causes the port to transition to the authorized state without any
authentication exchange required. The port transmits and receives
normal traffic without 802.1x-based authentication of the client.

Note

A supplicant connected to an authenticator port set to force-
authorized must have 802.1x client software. Though this setting
prevents an authentication exchange, the switch port still requires
that the supplicant have the client software. Supplicants without
802.1 client software cannot forward traffic through an authenticator
port set to force-authorized.

Force-unauthorized - Causes the port to remain in the unauthorized
state, ignoring all attempts by the client to authenticate. The switch
cannot provide authentication services to the client through the
interface

Max Requests
Specifies the maximum number of times that the switch retransmits an
EAP Request packet to the client before it times out the authentication
session. The default value for this parameter is 2 retransmissions. The
range is 1 to 10 retransmissions.