Port roles, None role, Authenticator role – Allied Telesis AT-S63 User Manual


Chapter 29: 802.1x Port-based Network Access Control


Section IV: Security

Port Roles

Part of the task of implementing this feature is specifying the roles of the
ports on the switch. A port can have one of three roles:

❑ None

❑ Authenticator

❑ Supplicant

None Role

A switch port in the None role does not participate in port-based access
control. Any device can connect to the port and send traffic through it
and receive traffic from it without providing a username and password.
This is the default setting for the switch ports.

Set a port to this role if you do not want to require its client to log on to
use the network. This is also the correct role for a port that is connected
to an authentication server. Because an authentication server cannot
authenticate itself, the switch port to which it is connected must be set
to this role.

Authenticator Role

Placing a switch port in the authenticator role activates port access
control on the port. A port in the role of authenticator does not forward
network traffic to or from the end node until the client has entered a
username and password and the authentication server has validated
them.

Determining whether a switch port should be set to the authenticator
role is straightforward. If you want the user of the end node connected
to the port to log in before using the network, then you should set the
switch port to the authenticator role.

Figure 194 illustrates this concept. Port 2 on the switch has been set to
the authenticator role because it is connected to an end node with
802.1x client software. The end user at the workstation must log on to
use the network.
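The role rules above can be checked against a port plan before it is applied to the switch. The following is an added example, not part of the manual or of the AT-S63 software: the inventory format, the device labels ("auth-server", "end-node", "unused") and the function names are assumptions made for illustration.

```python
# Added example: audit a hand-maintained port plan against the None and
# Authenticator role rules. The tuple format and device labels are
# hypothetical; this is not output produced by the switch.

# Constructed sample plan: (port number, configured role, attached device)
SAMPLE_PLAN = [
    (1, "none", "auth-server"),           # correct: server cannot authenticate itself
    (2, "authenticator", "end-node"),     # correct: user must log on
    (3, "none", "end-node"),              # open port with a workstation attached
    (4, "authenticator", "auth-server"),  # server would be blocked by access control
    (5, "none", "unused"),                # default role left on an empty port
]

VALID_ROLES = {"none", "authenticator", "supplicant"}


def audit_port(port, role, device):
    """Return (severity, port, message) for one port, or None if consistent."""
    role = role.strip().lower()
    if role not in VALID_ROLES:
        return ("error", port, f"unknown role {role!r}")
    if device == "auth-server":
        # The port connected to the authentication server must be None.
        if role != "none":
            return ("error", port, "authentication server port must be in the None role")
        return None
    if role == "none":
        # None is the default and is valid when chosen on purpose, so this
        # is a warning to review rather than an error.
        return ("warning", port, f"{device} port is open: no username and password required")
    return None


def audit_plan(plan):
    """Audit every row of the plan and return only the findings."""
    findings = [audit_port(*row) for row in plan]
    return [f for f in findings if f is not None]


if __name__ == "__main__":
    for severity, port, message in audit_plan(SAMPLE_PLAN):
        print(f"{severity.upper():7} port {port}: {message}")
```
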
