Allied Telesis AT-S63 User Manual

Page 627


AT-S63 Management Software Menus Interface User’s Guide

Section IV: Security


log on.

❑ A username and password combination is not tied to the MAC address of an end node. This allows end users to use the same username and password when working at different workstations.

❑ After a supplicant has successfully logged on, the MAC address of the end node is added to the switch’s MAC address table as an authenticated address. It remains in the table until the end user logs off the network. Only then is the address removed. The address is not timed out, even if the end node becomes inactive.

Note

End users of port-based access control should be instructed to
always log off when they are finished with a work session. This
prevents unauthorized individuals from accessing the network
through unattended network workstations.

❑ You cannot use the MAC address port security feature, described in Chapter 23, “Port Security” on page 517, on switch ports that are set to the authenticator or supplicant role. A port’s MAC address security level must be Automatic.

❑ There should be only one port in the authenticator role between a client and the authentication server.

❑ A switch port in the authenticator role transmits broadcast and multicast traffic even when the client connected to the port has not logged on.

❑ A port set to the authenticator role discards all spanning tree BPDUs. Therefore, a switch port that is connected to a bridge running STP, RSTP, or MSTP must be set to the None role.

❑ An authenticator port can be tagged or untagged.
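
The following is an added example, not part of the Allied Telesis guide or the AT-S63 software: a Python check that audits a port inventory against three of the guidelines above (MAC security level, BPDU handling, one authenticator per path). The inventory, switch names, and the "limited" security label are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Port:
    switch: str         # constructed switch name
    number: int
    role: str           # "none", "authenticator" or "supplicant"
    mac_security: str   # "automatic", or any other level (placeholder label)
    stp_neighbor: bool  # attached bridge runs STP, RSTP or MSTP

def audit_port(port):
    """Return the per-port guideline violations for one port."""
    findings = []
    in_role = port.role in ("authenticator", "supplicant")
    if in_role and port.mac_security != "automatic":
        findings.append("802.1x role requires MAC security level Automatic")
    if port.role == "authenticator" and port.stp_neighbor:
        findings.append("authenticator discards BPDUs; set role to None")
    return findings

def audit_path(path):
    """path: ports between a client and the authentication server."""
    auths = [(p.switch, p.number) for p in path if p.role == "authenticator"]
    if len(auths) > 1:
        return [f"{len(auths)} authenticator ports on one path: {auths}"]
    return []

def audit(ports, paths):
    """Collect findings keyed by (switch, port) or by path name."""
    report = {}
    for p in ports:
        if audit_port(p):
            report[(p.switch, p.number)] = audit_port(p)
    for name, path in paths.items():
        if audit_path(path):
            report[name] = audit_path(path)
    return report

# Constructed inventory: one clean edge port and three misconfigurations.
EDGE_OK = Port("sw1", 1, "authenticator", "automatic", False)
EDGE_BAD = Port("sw1", 2, "authenticator", "limited", False)
UPLINK = Port("sw1", 24, "authenticator", "automatic", True)
TRUNK = Port("sw1", 23, "none", "automatic", True)
CORE = Port("sw2", 3, "authenticator", "automatic", False)
PORTS = [EDGE_OK, EDGE_BAD, UPLINK, TRUNK, CORE]
PATHS = {"client-A": [EDGE_OK, TRUNK], "client-B": [EDGE_OK, CORE]}

if __name__ == "__main__":
    for key, findings in audit(PORTS, PATHS).items():
        print(key, findings)
```
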
