User manual

APS User Manual
scenario will loop forever. Therefore, the server timeout should be
smaller than the supplicant's EAPOL Start frame retransmission rate.
Single 802.1X: In port-based 802.1X authentication, once a supplicant is
successfully authenticated on a port, the whole port is opened for network
traffic. This allows other clients connected to the port (for instance through
a hub) to piggy-back on the successfully authenticated client and get
network access even though they are not authenticated. To overcome
this security weakness, use the Single 802.1X variant. Single 802.1X is not
an IEEE standard, but it features many of the same characteristics as
port-based 802.1X. In Single 802.1X, at most one supplicant can get
authenticated on the port at a time. Normal EAPOL frames are used in the
communication between the supplicant and the switch. If more than one
supplicant is connected to a port, the one that comes first when the port's
link comes up will be the first one considered. If that supplicant doesn't
provide valid credentials within a certain amount of time, another supplicant
will get a chance. Once a supplicant is successfully authenticated, only that
supplicant will be allowed access. This is the most secure of all the
supported modes. In this mode, the Port Security module is used to secure a
supplicant's MAC address once successfully authenticated.
Multi 802.1X: In port-based 802.1X authentication, once a supplicant is
successfully authenticated on a port, the whole port is opened for network
traffic. This allows other clients connected to the port (for instance through
a hub) to piggy-back on the successfully authenticated client and get
network access even though they are not authenticated. To overcome
this security weakness, use the Multi 802.1X variant.
Multi 802.1X is, like Single 802.1X, not an IEEE standard, but a variant that
features many of the same characteristics as port-based 802.1X. In Multi
802.1X, one or more supplicants can get authenticated on the same port at
the same time. Each supplicant is authenticated individually and secured in
the MAC table using the Port Security module.
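The difference between the three modes can be shown with a small model of the forwarding decision. This is an added example, not code from the switch or the manual; the class, its method names, the MAC addresses and the event sequence are all constructed for illustration, and timeouts are left out.

```python
# Added illustration: toy model of how an authenticator port decides whether
# to forward a frame. Class, method and MAC values are constructed for the example.

class Port:
    MODES = ("port-based", "single", "multi")

    def __init__(self, mode):
        if mode not in self.MODES:
            raise ValueError(f"unknown mode: {mode}")
        self.mode = mode
        self.secured = []  # MACs that completed 802.1X, in order of success

    def auth_success(self, mac):
        """Supplicant `mac` presented valid credentials. Return True if admitted."""
        if mac in self.secured:
            return True
        if self.mode == "single" and self.secured:
            return False  # Single 802.1X: at most one supplicant at a time
        self.secured.append(mac)
        return True

    def forwards(self, src_mac):
        """Would a data frame with this source MAC be let through?"""
        if self.mode == "port-based":
            return bool(self.secured)  # whole port opens after the first success
        return src_mac in self.secured  # Single/Multi: only secured MACs pass


ALICE, BOB, MALLORY = "00:00:5e:00:53:01", "00:00:5e:00:53:02", "00:00:5e:00:53:66"

# Constructed event sequence: three hosts behind a hub on one switch port.
EVENTS = [
    ("frame", ALICE),    # before any authentication
    ("auth", ALICE),     # Alice authenticates
    ("frame", ALICE),
    ("frame", MALLORY),  # never authenticates
    ("auth", BOB),       # second supplicant with valid credentials
    ("frame", BOB),
]

def replay(mode, events=EVENTS):
    port = Port(mode)
    return [port.auth_success(mac) if kind == "auth" else port.forwards(mac)
            for kind, mac in events]

if __name__ == "__main__":
    for mode in Port.MODES:
        print(f"{mode:10s}", replay(mode))
```

The fourth result in each row is the unauthenticated host's frame: it is forwarded only in port-based mode, which is the piggy-back case the two variants are meant to close.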
In Multi 802.1X it is not possible to use the multicast BPDU MAC address as