General steps, Network access control guidelines, General steps network access control guidelines – Allied Telesis AT-S84 User Manual
Page 171
AT-S84 Management Software User’s Guide
Section I: Using the Menus Interface
171
As mentioned earlier, the switch itself does not authenticate the user
names and passwords from the clients. That is the responsibility of the
authentication server, which contains the RADIUS server software.
Instead, a switch acts as an intermediary for the authentication server by
denying access to the network by the client until the client has provided a
valid username and password, which the authentication server validates.
General Steps
Following are the general steps to implementing 802.1x Network Access
Control:
1. You must install RADIUS server software on one or more of your
network servers or management stations. Authentication protocol
server software is not available from Allied Telesyn.
2. You need to install 802.1x client software on those workstations that
are to be supplicants.
3. You must configure and activate the RADIUS client software in the
AT-S84 management software. The default setting for the
authentication protocol is disabled. You will need to provide the
following information:
The IP address of a RADIUS servers.
The encryption key used by the authentication server.
For instructions, refer to Chapter 13, “RADIUS Authentication Protocol”
on page 179.
4. You must configure the authenticator port settings, as explained in
“Configuring 802.1x Network Access Control” on page 174 in this
chapter.
Network Access
Control
Guidelines
Following are the guidelines for using this feature:
Ports set to Auto do not support port trunking or dynamic MAC address
learning.
The appropriate setting for a port on an AT-8000/8POE Fast Ethernet
Switch connected to an authentication server is Force-authorized, the
default setting. This is because an authentication server cannot
authenticate itself.
The authentication server must be a member of the Default VLAN by
communicating with the switch through a port that is an untagged
member of the Default VLAN.
Allied Telesyn does not support connecting more than one supplicant
to an authenticator port on the switch. The switch allows only one
supplicant to log on per port.