User guide
Configuring Network Services Port Authentication (802.1x)
638
AlliedView NMS Administration Guide
6.22 Port Authentication (802.1x)
The main components of Port Authentication are:
• The Authenticator - the port on the SBx3112 that wishes to enforce authentication before allowing access to services
that are accessible behind it. The SBx3112 plays this role.
• The Supplicant -the user device attached to the Authenticator that wishes to access services offered by the
authenticator's system. The supplicant may be a PC or other device connected to the Authenticator either directly or via
a hub
• The Authentication Server (RADIUS) - a device that uses the authentication credentials supplied by the supplicant (using
802.1X method described below), via the authenticator, or from the authenticator itself (using MAC based authentication
method) to determine if the authenticator should grant access to the network. Once authorized, the Authentication
server notifies the Authenticator to allow access. The Authentication Server may also supply other information
pertaining to the supplicant such as a particular VLAN to use.
Port authentication can be implemented with the following methods:
• 802.1X - This uses the IEEE Standard 802.1X standard. The supplicant is required to use 802.1X and supply the
authentication credentials to the Authentication Server via the Authenticator.
• MAC-based authentication - This uses the source MAC address of the supplicant for authentication. When the
Authenticator receives the frame from a newly learned source MAC, the Authenticator generates a RADIUS request for
authentication.
• Web-based authentication - A username/password pair is entered from the client’s browser. When the switch receives
the pair, it generates a RADIUS request for authentication.
The Authenticator can be configured to authorize one supplicant or more than one supplicant, as follows:
• Single Host - Only one (single) supplicant that is authorized can be allowed to communicate on the Authenticator port.
The other supplicant is disallowed.
• Multi Host - More than one supplicant is possible on the Authenticator port. When any one supplicant succeeds with
authentication, the other supplicants are automatically considered to be authenticated and can communicate on the port.
This mode is known as 'Piggyback Mode' also.
• Multi Supplicant - More than one supplicant is possible on the Authenticator port. However each supplicant has to be
individually authenticated. Some supplicants are allowed and some supplicants may be disallowed when a supplicant failed
to authenticate.
In NMS 12.3, the following are supported:
• 802.1x method
• MAC Authentication method
• Single Host, Multi Host, and Multi Supplicant
Note: Configuring RADIUS is not part of NMS provisioning, and must be done separately.
6.22.1 Port Authentication for a Device
Port Authentication Management is added to possible tasks at the device level, as shown in the following figure. (If the menu
item appears and the device is not supported, a Not Supported window appears.