Specifications
Table Of Contents
- Table of Contents
- Preface Template Formats
- Web-based (GUI) Configuration
- Configuration
- Device Information
- System Information
- Serial Port Settings
- IP Address Settings
- IPv6 Address Settings
- IPv6 Route Settings
- IPv6 Neighbor Settings
- Port Configuration Folder
- Static ARP Settings
- User Accounts
- System Log Configuration Folder
- DHCP Relay Folder
- MAC Address Aging Time
- Web Settings
- Telnet Settings
- CLI Paging Settings
- Firmware Information
- SNTP Settings Folder
- SMTP Settings Folder
- SNMP Settings Folder
- Layer 2 Features
- Jumbo Frame
- VLANs
- 802.1Q Static VLAN
- Q-in-Q Folder
- 802.1v Protocol VLAN Folder
- GVRP Settings
- Asymmetric VLAN Settings
- MAC-based VLAN Settings
- PVID Auto Assign Settings
- Port Trunking
- LACP Port Settings
- Traffic Segmentation
- IGMP Snooping Folder
- MLD Snooping Settings
- Port Mirror
- Loopback Detection Settings Page
- Spanning Tree Folder
- Forwarding & Filtering Folder
- LLDP Folder
- Quality of Service (QoS)
- Security
- Access Control List (ACL)
- Monitoring
- Save and Tools
- System Log Entries
- Trap List
802.1X Folder
Extreme Networks EAS 100-24t Switch Software Manual
109
Port-Based Network Access Control
Host-Based Network Access Control
Once the connected device has successfully
been authenticated, the Port then becomes
Authorized, and all subsequent traffic on the
Port is not subject to access control restriction
until an event occurs that causes the Port to
become Unauthorized. Hence, if the Port is
actually connected to a shared media LAN
segment with more than one attached device,
successfully authenticating one of the attached
devices effectively provides access to the LAN
for all devices on the shared segment. Clearly,
the security offered in this situation is open to
attack.
In order to successfully make use of 802.1X in
a shared media LAN segment, it would be
necessary to create “logical” Ports, one for
each attached device that required access to
the LAN. The Switch would regard the single
physical Port connecting it to the shared
media segment as consisting of a number of
distinct logical Ports, each logical Port being
independently controlled from the point of
view of EAPOL exchanges and authorization
state. The Switch learns each attached devices’
individual MAC addresses, and effectively
creates a logical Port that the attached device
can then use to communicate with the LAN
via the Switch.