Allied Telesis AT-S63 User Manual

Page 739

Advertising
background image

AT-S63 Management Software Menus Interface User’s Guide

Section VIII: Port Security

739

ˆ

If a switch port set to the supplicant role is connected to a port on
another switch that is not set to the authenticator role, the port, after a
timeout period, assumes that it can send traffic without having to log
on.

ˆ

GVRP must be disabled on an authenticator port.

ˆ

When 802.1x port-based network access control is activated on a
switch, the feature polls all RADIUS servers specified in the RADIUS
configuration. If three servers have been configured, the switch polls
all three. If server 1 responds, all future requests go only to that server.
If server 1 stops responding, the switch again polls all RADIUS
servers. If server 2 responds, but not server 1, then all future requests
go to servers 1 and 2. If only server 3 responds, then all future
requests go to all three servers.

ˆ

In order to change the untagged VLAN assignment of an authenticator
or supplicant port, you must set its port role to none. You can change
the port’s role back to authenticator or supplicant after you have
changed the port’s VLAN assignment.

ˆ

To use the Guest VLAN feature, the designated VLAN must already
exist on the switch.

ˆ

A Guest VLAN can be either port-based or tagged.

ˆ

The switch must be running in the user-configured VLAN mode to
support 802.1x port-based network access control. The feature is not
supported when the switch is running in a multiple VLAN mode. For
further information, refer to “Selecting a VLAN Mode” on page 654.

ˆ

The AT-S63 management software only supports EAP-MD5
authentication for both authenticators and supplicants.

ˆ

The local subnet on the switch where the RADIUS server is a member
must have a routing interface. The switch uses the IP address of the
routing interface as its source address when communicating with the
server. For background information on routing interfaces, refer to the
latest version of the AT-S63 Management Software Command Line
Interface User’s Guide. To configure routing interfaces using the
menus interface, refer to Chapter 29, “Internet Protocol Version 4
Routing Interfaces” on page 695 in this guide.

Note

Prior to version 2.0.0 of the AT-S63 management software, the
RADIUS server had to be a member of the switch’s management
VLAN. This restriction no longer applies. The server can be located
on any local subnet of the switch, provided the subnet has a routing
interface.

Advertising
Popular Brands
Popular manuals