Allied Telesis AT-S63 User Manual

Page 648

Advertising
background image

Chapter 28: 802.1x Port-based Network Access Control

648

Section IV: Port Security

IEEE 802.1x Port-based Network Access Control Overview

The AT-S63 management software offers you several different methods
for protecting your network and its resources from unauthorized access.
For instance, Chapter 27, “Port Security” on page 637, explains how you
can restrict network access using the MAC addresses that belong to the
end nodes of your network.

This chapter explains yet another way. This method is referred to as Port-
based Network Access Control (IEEE 802.1x). It uses the RADIUS
protocol to control who can send traffic through and receive traffic from a
switch port. With this feature, the switch does not allow an end node to
send or receive traffic through a port until the user of the node has logged
on by entering a username and password that the RADIUS server has
validated.

The benefit of this type of network security is obvious. This feature can
prevent an unauthorized individual from connecting a computer to a switch
port or using an unattended workstation to access your network
resources. Only those users to whom you have assigned valid usernames
and passwords are able to use the switch to access the network.

This port security method uses the RADIUS authentication protocol. The
AT-S63 management software is shipped with RADIUS client software. If
you have already read Chapter 34, “TACACS+ and RADIUS Protocols” on
page 761, then you know that you can use the RADIUS client software on
the switch, along with a RADIUS server on your network, to create new
manager accounts that control who can manage and change the AT-S63
parameter on the switch.

Note

RADIUS with Extensible Authentication Protocol (EAP) extensions
is the only supported authentication server for this feature. This
feature is not supported with the TACACS+ authentication protocol.
The switch supports only one authentication protocol at a time.
Therefore, if you want to implement IEEE 802.1 port access control
and also create new manager accounts as explained in Chapter 34,
“TACACS+ and RADIUS Protocols” on page 761, you must use the
RADIUS protocol.

Following are several terms to keep in mind when you use this feature.

ˆ

Supplicant - A supplicant is an end user or end node that wants to
access the network through a switch port. A supplicant is also referred
to as a client.

Advertising
Popular Brands
Popular manuals