LevelOne GSW-4876 User Manual

CHAPTER 4 | Configuring the Switch

Configuring Security

The advantage of MAC-based authentication over port-based 802.1X is that several clients can be connected to the same port (e.g. through a 3rd party switch or a hub) and still require individual authentication, and that the clients don't need special supplicant software to authenticate. The advantage of MAC-based authentication over 802.1X-based authentication is that the clients don't need special supplicant software to authenticate. The disadvantage is that MAC addresses can be spoofed by malicious users - equipment whose MAC address is a valid RADIUS user can be used by anyone. Also, only the MD5-Challenge method is supported. The maximum number of clients that can be attached to a port can be limited using the Port Security Limit Control functionality.
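Because a MAC address that is a valid RADIUS user can be presented by any device, it is worth auditing which addresses were authenticated on which ports. The following is an added example, not part of this manual: the log line format, the function names and the per-port limit of 2 are assumptions, and the sample data is constructed.

```python
import re
from collections import defaultdict

# Constructed sample: one line per authenticated client, in a hypothetical
# "time port mac vlan" export format (not the GSW-4876's own output).
SAMPLE = """\
10:00:01 port=3 mac=00-1B-44-11-3A-B7 vlan=10
10:00:04 port=3 mac=00-1B-44-11-3A-C2 vlan=10
10:02:30 port=7 mac=00:1b:44:11:3a:b7 vlan=10
10:03:10 port=5 mac=00-1B-44-22-00-01 vlan=20
10:03:11 port=5 mac=00-1B-44-22-00-02 vlan=20
10:03:12 port=5 mac=00-1B-44-22-00-03 vlan=20
"""

LINE = re.compile(r"^(\S+) port=(\d+) mac=([0-9A-Fa-f:.\-]+) vlan=(\d+)$")

def normalize_mac(mac):
    """Canonical lower-case hex so 00-1B.., 00:1b.. and 001b.44.. compare equal."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC: {mac!r}")
    return digits

def audit(text, limit_per_port=2):
    """Return (macs_seen_on_multiple_ports, ports_over_client_limit)."""
    ports_by_mac = defaultdict(set)
    macs_by_port = defaultdict(set)
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip blank or unparseable lines
        port, mac = int(m.group(2)), normalize_mac(m.group(3))
        ports_by_mac[mac].add(port)
        macs_by_port[port].add(mac)
    # Same address on several ports: a moved client or a copied MAC address.
    moved = {mac: sorted(p) for mac, p in ports_by_mac.items() if len(p) > 1}
    # More distinct clients than the limit intended for the port.
    crowded = {port: len(macs) for port, macs in macs_by_port.items()
               if len(macs) > limit_per_port}
    return moved, crowded

if __name__ == "__main__":
    moved, crowded = audit(SAMPLE)
    for mac, ports in moved.items():
        print(f"MAC {mac} authenticated on ports {ports}: possible spoofed address")
    for port, count in crowded.items():
        print(f"port {port} has {count} clients, above the configured limit")
```

A MAC address reported on two ports can also be a legitimate device that was moved, so treat a hit as a prompt to check the physical ports rather than as proof of spoofing.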

Further Guidelines for Port Admin State

Port Admin state can only be set to Force-Authorized for ports participating in the Spanning Tree algorithm (see page 135).

When 802.1X authentication is enabled on a port, the MAC address learning function for this interface is disabled, and the addresses dynamically learned on this port are removed from the common address table.

Authenticated MAC addresses are stored as dynamic entries in the switch's secure MAC address table. Configured static MAC addresses are added to the secure address table when seen on a switch port (see page 166). Static addresses are treated as authenticated without sending a request to a RADIUS server.

When port status changes to down, all MAC addresses are cleared from the secure MAC address table. Static VLAN assignments are not restored.

RADIUS-Assigned QoS Enabled - Enables or disables this feature for a given port. Refer to the description of this feature under the System Configuration section.

RADIUS-Assigned VLAN Enabled - Enables or disables this feature for a given port. Refer to the description of this feature under the System Configuration section.

Guest VLAN Enabled - Enables or disables this feature for a given port. Refer to the description of this feature under the System Configure section.

Port State - The current state of the port:

Globally Disabled - 802.1X and MAC-based authentication are globally disabled. (This is the default state.)

Link Down - 802.1X or MAC-based authentication is enabled, but there is no link on the port.

Authorized - The port is in Force Authorized mode, or a single-supplicant mode and the supplicant is authorized.
