Chapter 16: Setting 802.1x Port-based Network Access

Overview

The 802.1x port-based network access control feature lets you control who can send traffic through and receive traffic from the individual switch ports. The switch does not allow an end node to send or receive traffic through a port until the user of the node has by authenticated by a RADIUS server.

This port-security feature is used to prevent unauthorized individuals from connecting a computer to a switch port or using an unattended workstation to access your network resources. Only those users designated as valid network users on a RADIUS server are permitted to use the switch to access the network.

This port security method uses the RADIUS authentication protocol. The management software of the switch includes RADIUS client software. As mentioned in Chapter 15, “Setting RADIUS and TACACS+ Clients” on page 163, you can use the RADIUS client software on the switch, along with a RADIUS server on your network, to create new remote manager accounts.

Note

RADIUS with Extensible Authentication Protocol (EAP) extensions is the only supported authentication protocol for 802.1x port-based network access control. This feature is not supported with the TACACS+ authentication protocol.

Here are several terms to keep in mind when using this feature:

Supplicant— A supplicant is an end user or end node that wants to access the network through a switch port. A supplicant is also referred to as a client.

Authenticator— The authenticator is a port that prohibits network access until a supplicant has logged on and been validated by the RADIUS server.

Authentication server— The authentication server is the network device that has the RADIUS server software. This is the device that does the actual authenticating of the supplicants.

The switch does not authenticate any supplicants connected to its ports. It’s function is to act as an intermediary between the supplicants and the authentication server during the authentication process.

176

Page 175 Page 177
Page 176
Image 176
Allied Telesis AT-9000/28SP, AT-9000/52 manual 176
Page 175 Page 177

AT-9000/52, AT-9000/28SP, AT-9000/28 specifications

The Allied Telesis AT-9000/28 is a versatile and robust network switch designed for organizations seeking to enhance their networking capability. This Layer 2 managed switch delivers a high degree of performance and reliability, making it an ideal choice for businesses that require a seamless network experience.

One of the main features of the AT-9000/28 is its 28 ports, which include 24 Fast Ethernet ports and 4 Gigabit Ethernet uplink ports. This allows for flexible network configuration and scalability, accommodating both wired and wireless devices efficiently. The switch also supports auto-negotiation and auto-MDI/MDI-X, which simplifies installation and connectivity by automatically detecting and configuring the appropriate settings.

The AT-9000/28 employs advanced switching technologies, such as IEEE 802.1Q VLAN tagging, which enables the segregation of traffic for improved security and performance. This feature is crucial for businesses that require data isolation between different departments or user groups. In addition, the switch supports quality of service (QoS) protocols, allowing for traffic prioritization. This is particularly beneficial for organizations that handle multimedia applications or VoIP services that demand reliable bandwidth.

Another significant characteristic of the AT-9000/28 is its support for port mirroring. This capability is essential for network monitoring and troubleshooting, as it allows administrators to track and analyze network traffic efficiently. Furthermore, the switch supports multiple user authentication methods, including RADIUS and TACACS+, thus enhancing network security.

The AT-9000/28 is built with energy efficiency in mind, featuring Energy Efficient Ethernet (EEE) technology. This reduces power consumption during periods of low traffic without compromising performance, which aids in lowering overall operational costs.

In terms of management, the AT-9000/28 offers versatile management options, including a web-based GUI, Command Line Interface (CLI), and SNMP support. This flexibility enables network administrators to configure, monitor, and troubleshoot the switch easily.

Overall, the Allied Telesis AT-9000/28 is a reliable switch well-suited for a variety of network environments. Its combination of performance, security features, and energy efficiency makes it an excellent choice for organizations looking to optimize their network infrastructure. With robust capabilities and advanced technologies, the AT-9000/28 stands out as a valuable addition to any networking setup.
Top Page Image Contents