Allied Telesis AT-S63 User Manual
Page 733
AT-S63 Management Software Menus Interface User’s Guide
Section VII: Port Security
733
Note
End users of 802.1x port-based network access control should be
instructed to always log off when they are finished with a work
session. This prevents unauthorized individuals from accessing the
network through unattended network workstations.
You cannot use the MAC address port security feature, described in
Chapter 30, “MAC Address-based Port Security” on page 709, on
switch ports that are set to the authenticator or supplicant role. A port’s
MAC address security level must be Automatic.
An authenticator port can be tagged or untagged.
An authenticator port cannot be part of a static port trunk, LACP port
trunk, or port mirror.
GVRP must be disabled on an authenticator port.
When 802.1x Port-based Network Access Control is activated on a
switch, the feature polls all RADIUS servers specified in the RADIUS
configuration. If three servers have been configured, the switch polls
all three. If server 1 responds, all future requests go only to that server.
If server 1 stops responding, the switch again polls all RADIUS
servers. If server 2 responds, but not server 1, then all future requests
go to servers 1 and 2. If only server 3 responds, then all future
requests go to all three servers.
The AT-S63 management software only supports EAP-MD5
authentication for both authenticators and supplicants.