General steps – Allied Telesis AT-S63 User Manual

AT-S63 Management Software Menus Interface User’s Guide

Section VIII: Port Security

739

General Steps

Here are the general steps to implementing 802.1x Port-based Network
Access Control and RADIUS accounting on the switch:

1. You must install a RADIUS server on one or more of your network

servers or management stations. Authentication protocol server
software is not available from Allied Telesyn. Funk Software Steel-
Belted Radius and Free Radius have been verified as fully compatible
with the AT-S63 management software.

Note

This feature is not supported with the TACACS+ authentication
protocol.

2. Those clients connected to an authenticator port set to the 802.1x

authentication method will need 802.1x client software. Microsoft
WinXP client software and Meeting House Aegis client software have
been verified as fully compatible with the AT-S63 management
software. (802.1x client software is not required when an authenticator
port is set to the MAC address-based authentication method.)

3. You must configure and activate the RADIUS client software in the

AT-S63 management software. The default setting for the
authentication protocol is disabled. You will need to provide the
following information:

ˆ

The IP addresses of up to three RADIUS servers.

ˆ

The encryption key used by the authentication servers.

The instructions for this step are in “Configuring the RADIUS Client” on
page 845.

4. You must configure the port access control settings on the switch. This

involves the following:

ˆ

Specifying the port roles.

ˆ

Configuring 802.1x port parameters.

ˆ

Enabling 802.1x Port-based Network Access Control.

The instructions for this step are found in this chapter.

5. If you want to use RADIUS accounting to monitor the clients connected

to the switch ports, you must configure the service on the switch, as
explained in “Configuring RADIUS Accounting” on page 757.