General steps – Allied Telesis AT-S63 User Manual

AT-S63 Management Software Menus Interface User’s Guide

Section VII: Port Security

733

General Steps

Following are the general steps to implementing 802.1x Port-based
Network Access Control and RADIUS accounting on the switch:

1. You must install RADIUS server software on one or more of your

network servers or management stations. Authentication protocol
server software is not available from Allied Telesyn. Funk Software
Steel-Belted Radius and Free Radius have been verified as fully
compatible with the AT-S63 management software.

Note

This feature is not supported with the TACACS+ authentication
protocol.

2. Those clients connected to an authenticator port set to the 802.1x

authentication method will need 802.1x client software. Microsoft
WinXP client software and Meeting House Aegis client software have
been verified as fully compatible with the AT-S63 management
software. (802.1x client software is not required when an authenticator
port is set to the MAC address-based authentication method.)

3. You must configure and activate the RADIUS client software in the

AT-S63 management software. The default setting for the
authentication protocol is disabled. You will need to provide the
following information:

ˆ

The IP addresses of up to three RADIUS servers.

ˆ

The encryption key used by the authentication servers.

The instructions for this step are in “Configuring RADIUS” on
page 840.

4. You must configure the port access control settings on the switch. This

involves the following:

ˆ

Specifying the port roles.

ˆ

Configuring 802.1x port parameters.

ˆ

Enabling 802.1x Port-based Network Access Control.

The instructions for this step are found in this chapter.

5. If you want to use RADIUS accounting to monitor the clients connected

to the switch ports, you must configure the service on the switch, as
explained in “Configuring RADIUS Accounting” on page 750.