Allied Telesis AT-S63 User Manual

Page 589

Advertising
background image

AT-S63 Management Software Command Line Interface User’s Guide

Section VII: Port Security

589

set portaccess=8021x port=22 role=authenticator mode=multi

The following command assigns the Guest VLAN “Product_show” to
authenticator ports 5 and 12. The ports function as untagged members of
the VLAN and allow any network user access to the VLAN without logging
on. However, should a port start to receive EAPOL packets, it assumes
that a supplicant is initiating a log on and changes to the unauthorized
state. After the log on is completed, the port moves to its predefined VLAN:

set portaccess=8021x port=5,12 role=authenticator
guestvlan=product_show

The following command configures port 15 as an authenticator port. This
example assumes that the user accounts on the RADIUS server have
VLAN assignments. With the VLANASSIGNMENT parameter set to
enabled, the port processes the VLAN assignments it receives from the
RADIUS server. Had this parameter been disabled, the port would ignore
the VLAN assignments and leave the port in its predefined VLAN
assignment. The VLAN assignment of the port is determined by the initial
log on by a client. With the SECUREVLAN parameter set to enabled, only
those subsequent supplicants having the same VLAN assignment as the
initial supplicant are allowed to use the port:

set portaccess=8021x port=15 role=authenticator
mode=multiple vlanassignment=enabled securevlan=enabled

The following command sets port 7 to the authenticator role, the quiet
period on the port to 30 seconds, and the server timeout period to 200
seconds:

set portaccess=8021x port=7 role=authenticator
quietperiod=30 servtimeout=200

The following command configures authenticator port 5 to the multiple
operating mode:

set portaccess=8021x port=5 role=authenticator mode=multi

The following command configures authenticator port 5 to the single
operating mode and disables piggy backing:

set portaccess=8021x port=5 role=authenticator mode=single
piggyback=disabled

The following command disables port-based access control on ports 12
and 15:

set portaccess=8021x port=12,15 role=none

Advertising
Popular Brands
Popular manuals