Configuring 802.1x global settings, Figure 187: configuring port security – Microsens MS453490M Management Guide User Manual
Page 326

Chapter 14 | Security Measures
Configuring 802.1X Port Authentication
hosts if one attached host fails re-authentication or sends an EAPOL logoff
message.
Figure 187: Configuring Port Security
The operation of 802.1X on the switch requires the following:
◆ The switch must have an IP address assigned.
◆ RADIUS authentication must be enabled on the switch and the IP address of the RADIUS server specified.
◆ 802.1X must be enabled globally for the switch.
◆ Each switch port that will be used must be set to dot1X “Auto” mode.
◆ Each client that needs to be authenticated must have dot1X client software installed and properly configured.
◆ The RADIUS server and 802.1X client support EAP. (The switch only supports EAPOL in order to pass the EAP packets from the server to the client.)
◆ The RADIUS server and client also have to support the same EAP authentication type – MD5, PEAP, TLS, or TTLS. (Native support for these encryption methods is provided in Windows XP, and in Windows 2000 with Service Pack 4. To support these encryption methods in Windows 95 and 98, you can use the AEGIS dot1x client or other comparable client software.)
Configuring 802.1X Global Settings
Use the Security > Port Authentication (Configure Global) page to
configure IEEE 802.1X port authentication. The 802.1X protocol must be
enabled globally for the switch system before port settings are active.
CLI References
◆ "802.1X Port Authentication" on page 619
[Figure labels: 802.1x client, RADIUS server]
1. Client attempts to access a switch port.
2. Switch sends client an identity request.
3. Client sends back identity information.
4. Switch forwards this to authentication server.
5. Authentication server challenges client.
6. Client responds with proper credentials.
7. Authentication server approves access.
8. Switch grants client access to this port.
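The following Python sketch is an added example, not part of the Microsens manual. It decodes the EAPOL/EAP messages behind steps 2, 3, 5 and 7 and the EAPOL logoff message, and marks methods that give no mutual authentication. The field layout follows IEEE 802.1X and RFC 3748; the sample payloads, the user name `alice` and the choice of EAP-MD5 for step 5 are constructed assumptions.

```python
import struct

EAPOL_TYPES = {0: "EAP-Packet", 1: "EAPOL-Start", 2: "EAPOL-Logoff", 3: "EAPOL-Key"}
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_METHODS = {1: "Identity", 3: "Nak", 4: "MD5-Challenge", 13: "TLS", 21: "TTLS", 25: "PEAP"}
# RFC 3748 lists MD5-Challenge as giving no mutual authentication or key derivation.
NO_MUTUAL_AUTH = {4}


def decode_eapol(payload: bytes) -> dict:
    """Decode the payload of an Ethernet frame with EtherType 0x888E (EAPOL)."""
    if len(payload) < 4:
        raise ValueError("truncated EAPOL header")
    version, ptype, body_len = struct.unpack("!BBH", payload[:4])
    body = payload[4:4 + body_len]      # slicing drops any Ethernet padding
    if len(body) != body_len:
        raise ValueError("EAPOL body shorter than declared length")
    out = {"version": version, "eapol": EAPOL_TYPES.get(ptype, f"unknown({ptype})")}
    if ptype != 0:                      # Start/Logoff/Key carry no EAP packet
        return out
    if body_len < 4:
        raise ValueError("truncated EAP header")
    code, ident, eap_len = struct.unpack("!BBH", body[:4])
    if not 4 <= eap_len <= body_len:
        raise ValueError("EAP length field out of range")
    out.update(code=EAP_CODES.get(code, f"unknown({code})"), id=ident)
    if code in (1, 2):                  # only Request/Response carry a method type
        if eap_len < 5:
            raise ValueError("Request/Response without a type byte")
        method = body[4]
        out["method"] = EAP_METHODS.get(method, f"unknown({method})")
        out["no_mutual_auth"] = method in NO_MUTUAL_AUTH
        if code == 2 and method == 1:   # Response/Identity: the claimed user name
            out["identity"] = body[5:eap_len].decode("utf-8", "replace")
    return out


# Constructed sample payloads (not captured traffic), in the order of the steps above.
SAMPLES = [
    bytes.fromhex("01000005" "0101000501"),                # step 2: identity request
    bytes.fromhex("0100000a" "0201000a01") + b"alice",     # step 3: identity response
    bytes.fromhex("01000016" "010200160410") + bytes(16),  # step 5: MD5 challenge (assumed)
    bytes.fromhex("01000004" "03020004"),                  # step 7: success
    bytes.fromhex("01020000"),                             # EAPOL logoff
]

if __name__ == "__main__":
    for frame in SAMPLES:
        print(decode_eapol(frame))
```

The identity in step 3 travels in clear text between client and switch, which is why the outer identity is often anonymised when PEAP or TTLS is used.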