User Guide

OmniAccess SafeGuard OS Administration Guide
263
Chapter 6: Configuring Authentication and Role Derivation
- Open1x Xsupplicant for Linux systems

RADIUS servers
- OpenSource FreeRADIUS
- Juniper Networks Steel-Belted Radius
- Microsoft Internet Authentication Server (IAS) for Windows 2000
- Microsoft IAS for Windows 2003
- Open Systems Consultants Radiator
Table 20 lists the EAP authentication types (methods) that the SafeGuard Switch
supports on hosts.
Impact of Protection Modes on 802.1x
The SafeGuard Switch can be set for different security levels called protection modes. The
protection level can influence how 802.1x behaves because it can change the forwarding
mode.
- Pass-thru – This mode is the default for the switch. In this mode, the switch
  implements 802.1x in accordance with the standard but cannot take advantage of
  any of the SafeGuard features, such as security policies or role derivation.
- Monitor – The system monitors for policy visualization based on user-defined
  policy controls; however, no enforcement actions are taken. In this mode, the
  switch uses the Authentication Manager to provide SafeGuard features, such as
  session tracking and role derivation for 802.1x authenticated hosts.
- Protect – The system monitors and enforces policies on user-defined and malware
  policy controls. In this mode, the switch provides the same services as in
  monitor mode for 802.1x authenticated hosts, in addition to enforcing policies.
For information on the protection-mode command and on changing the protection mode,
see Changing the Protection Mode of Ports on page 95.
Table 20 Supported EAP Methods

| Host Authentication Method          | Operating Environment | Local Authentication | RADIUS Authentication |
|-------------------------------------|-----------------------|----------------------|-----------------------|
| EAP-MD5 – Message Digest 5          | Windows and Linux     | Yes                  | Yes                   |
| EAP-TLS – Transport Layer Security  | Windows and Linux     | No                   | Yes                   |
| EAP-TTLS – Tunneled TLS             | Linux only            | No                   | Yes                   |
| PEAP – Protected EAP                | Windows and Linux     | No                   | Yes                   |