User guide

AlliedView NMS Administration Guide (Configuring Network Services)
6.22 Port Authentication (802.1x)
The main components of Port Authentication are:
The Authenticator - the port on the SBx3112 that enforces authentication before allowing access to the services that
are accessible behind it. The SBx3112 plays this role.
The Supplicant - the user device attached to the Authenticator that wishes to access services offered by the Authenticator's
system. The supplicant may be a PC or other device connected to the Authenticator either directly or via a hub.
The Authentication Server (RADIUS) - a device that uses the authentication credentials supplied by the supplicant (using
the 802.1X method described below) via the Authenticator, or supplied by the Authenticator itself (using the MAC-based
authentication method), to determine whether the Authenticator should grant access to the network. Once the supplicant is
authorized, the Authentication Server notifies the Authenticator to allow access. The Authentication Server may also supply
other information pertaining to the supplicant, such as a particular VLAN to use.
Port authentication can be implemented with the following methods:
802.1X - This uses the IEEE 802.1X standard. The supplicant is required to use 802.1X and supply the
authentication credentials to the Authentication Server via the Authenticator.
MAC-based authentication - This uses the source MAC address of the supplicant for authentication. When the
Authenticator receives a frame from a newly learned source MAC address, it generates a RADIUS request for
authentication.
Web-based authentication - A username/password pair is entered in the client's browser. When the switch receives the
pair, it generates a RADIUS request for authentication.
The Authenticator can be configured to authorize one supplicant or more than one supplicant, as follows:
Single Host - Only a single authorized supplicant is allowed to communicate on the Authenticator port.
Any other supplicant is disallowed.
Multi Host - More than one supplicant is possible on the Authenticator port. When any one supplicant succeeds with
authentication, the other supplicants are automatically considered to be authenticated and can communicate on the port.
This mode is also known as 'Piggyback Mode'.
Multi Supplicant - More than one supplicant is possible on the Authenticator port. However, each supplicant has to be
individually authenticated. Supplicants that authenticate are allowed, and a supplicant that fails to authenticate
is disallowed.
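The three host modes above, as a small Python model added here for illustration; it is not AlliedView NMS or SBx3112 code. The class and function names, the MAC addresses and the set standing in for the RADIUS server's decision are all constructed assumptions.

```python
from enum import Enum

class HostMode(Enum):
    SINGLE_HOST = "single-host"
    MULTI_HOST = "multi-host"
    MULTI_SUPPLICANT = "multi-supplicant"

# Constructed sample data (locally administered MAC addresses).
LAPTOP, UNKNOWN, PRINTER = "02:00:00:00:00:01", "02:00:00:00:00:02", "02:00:00:00:00:03"
RADIUS_ACCEPTS = {LAPTOP, PRINTER}   # hypothetical stand-in for the RADIUS server's answer
FRAMES = [LAPTOP, UNKNOWN, PRINTER]  # order in which new source MACs appear on the port

class AuthenticatorPort:
    """Simplified model of one Authenticator port (illustrative, not device code)."""

    def __init__(self, mode, radius_accepts):
        self.mode = mode
        self.radius_accepts = set(radius_accepts)
        self.authorized = set()      # supplicants that authenticated themselves
        self.radius_requests = 0

    def _authenticate(self, mac):
        self.radius_requests += 1
        if mac in self.radius_accepts:
            self.authorized.add(mac)
            return True
        return False

    def admits(self, mac):
        """Return True if traffic from `mac` may pass the port."""
        if mac in self.authorized:
            return True
        if self.authorized and self.mode is HostMode.SINGLE_HOST:
            return False             # one supplicant is authorized; others are disallowed
        if self.authorized and self.mode is HostMode.MULTI_HOST:
            return True              # piggyback: admitted without its own authentication
        return self._authenticate(mac)  # first supplicant, or every one in Multi Supplicant

def replay(mode, frames=FRAMES, radius_accepts=RADIUS_ACCEPTS):
    """Run the frames through a fresh port; return per-MAC decisions and RADIUS request count."""
    port = AuthenticatorPort(mode, radius_accepts)
    return [(mac, port.admits(mac)) for mac in frames], port.radius_requests

if __name__ == "__main__":
    for mode in HostMode:
        decisions, requests = replay(mode)
        print(f"{mode.value:16} requests={requests} {decisions}")
```

In the Multi Host run of this model the unknown address is admitted although only one RADIUS request was made, so the request count does not reflect how many devices used the port.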
In NMS 12.2, the following are supported:
802.1x method
Single Host
Note: Configuring RADIUS is not part of NMS provisioning, and must be done separately.
6.22.1 Port Authentication for a Device
Port Authentication Management is added to the possible tasks at the device level, as shown in the following figure. (If the menu
item appears and the device is not supported, a Not Supported window appears. In NMS release 12.2 only the SBx3112 is
supported.)