Allied Telesis AT-S63 User Manual

Page 734

Chapter 31: 802.1x Port-based Network Access Control

Section VIII: Port Security

An example of this authenticator operating mode is illustrated in Figure
248. The clients are connected to a hub or non-802.1x-compliant switch
which is connected to an authenticator port on an AT-9400 Series switch.
If the authenticator port is set to use the 802.1x authentication method,
each client must be given a separate username and password
combination to log on to and forward traffic through the AT-9400 Series
switch.

If the authentication method is MAC address-based, the authenticator port
uses the MAC addresses of the clients as the username and password
combinations. The port accepts and forwards traffic only from those clients
whose MAC addresses have been entered on the RADIUS server and
denies access to all other users.

Figure 248. Authenticator Port in Multiple Operating Mode - Example 1

The next example of the multiple mode in Figure 249 shows two AT-9400
Series switches. The clients connected to switch B have to log on to port 6
on Switch A when they pass a packet to that switch for the first time.

There are several items to note when interconnecting two 802.1x-compliant
devices using the Multiple operating mode of an authenticator
port. In order for switch B in our example to pass the RADIUS messages
to switch A, it must be able to log on to port 6 on switch A. That is why port
11 on the lower switch is configured as a supplicant. If its role is set to

[Figure labels: AT-9400 Series Switch (AT-9424T/SP Gigabit Ethernet Switch); RADIUS Authentication Server; Port 6 (Role: Authenticator, Operating Mode: Multiple, Piggy-back Mode: -----); Ethernet Hub or Non-802.1x-compliant Switch; Authenticated Clients]