User's Manual
Table Of Contents
- Contents
- Figures
- Preface
- Chapter 1
- AlliedWare Plus™ Version 2.1.2 Web Browser Interface
- Chapter 2
- Starting a Management Session
- Chapter 3
- Basic Switch Parameters
- Setting the System Date and Time
- Setting a Telnet or SSH Server
- Setting a Remote Log Server
- Setting the Switch Information
- Setting the Configuration File
- Managing User Accounts
- Rebooting a Switch
- Upgrading the Software
- Returning the AlliedWare Plus Management Software to the Factory Default Values
- Displaying System Information
- Chapter 4
- Setting Port Parameters
- Chapter 5
- Setting Port Statistics
- Chapter 6
- Setting Port Mirroring
- Chapter 7
- Setting the Port Spanning Tree Protocol
- Chapter 8
- Setting the MAC Address
- Chapter 9
- Setting LACP
- Chapter 10
- Setting Static Port Trunks
- Chapter 11
- Setting Port-based and Tagged VLANs
- Chapter 12
- Setting Switch Spanning Tree Protocols
- Chapter 13
- Setting Internet Group Management Protocol (IGMP) Snooping
- Chapter 14
- Setting MAC Address-based Port Security
- Chapter 15
- Setting RADIUS and TACACS+ Clients
- Chapter 16
- Setting 802.1x Port-based Network Access
- Chapter 17
- Setting IPv4 and IPv6 Management
- Chapter 18
- Setting LLDP and LLDP-MED
- Chapter 19
- Setting sFlow
Chapter 16: Setting 802.1x Port-based Network Access
176
Overview
The 802.1x port-based network access control feature lets you control
who can send traffic through and receive traffic from the individual switch
ports. The switch does not allow an end node to send or receive traffic
through a port until the user of the node has by authenticated by a
RADIUS server.
This port-security feature is used to prevent unauthorized individuals from
connecting a computer to a switch port or using an unattended workstation
to access your network resources. Only those users designated as valid
network users on a RADIUS server are permitted to use the switch to
access the network.
This port security method uses the RADIUS authentication protocol. The
management software of the switch includes RADIUS client software. As
mentioned in Chapter 15, “Setting RADIUS and TACACS+ Clients” on
page 163, you can use the RADIUS client software on the switch, along
with a RADIUS server on your network, to create new remote manager
accounts.
Note
RADIUS with Extensible Authentication Protocol (EAP) extensions
is the only supported authentication protocol for 802.1x port-based
network access control. This feature is not supported with the
TACACS+ authentication protocol.
Here are several terms to keep in mind when using this feature:
Supplicant— A supplicant is an end user or end node that wants to
access the network through a switch port. A supplicant is also referred
to as a client.
Authenticator— The authenticator is a port that prohibits network
access until a supplicant has logged on and been validated by the
RADIUS server.
Authentication server— The authentication server is the network
device that has the RADIUS server software. This is the device that
does the actual authenticating of the supplicants.
The switch does not authenticate any supplicants connected to its ports.
It’s function is to act as an intermediary between the supplicants and the
authentication server during the authentication process.