Chapter 21: Security

Port Access Control

This section contains information and configuration procedures for Port-based Access Control. The following information is provided:

“Overview” on page 268

“Port Access Control Configuration” on page 269

Note

After configuring Port-based Network Access Control, you can use either the local authentication server in the AT-S110 or a remote RADIUS server for 802.1x authentication. See “Dial-in User— Local Authentication” on page 276 or “RADIUS Client” on page 273.

Overview

Port-based Network Access Control (IEEE 802.1x) is used to control who can send traffic through and receive traffic from a switch port. With this feature, the switch does not allow an end node to send or receive traffic through a port until the user of the node logs on by entering a user name and password.

This feature can prevent an unauthorized individual from connecting a computer to a port or using an unattended workstation to access your network resources. Only those users to whom you have assigned a user name and password are able to use the switch to access the network.

This feature can be used with one of two authentication methods:

The RADIUS authentication protocol requires that a remote RADIUS server is present on your network. The RADIUS server performs the authentication of the user name and password combinations. See “Port Access Control Configuration” on page 269 and “RADIUS Client” on page 273 for more information.

The Dial-in User (local) authentication method allows you to set up the authentication parameters internally in the switch without an external server. In this case, the user name and password combinations are entered in the switch and associated with an optional VLAN when they are defined. Based on these entries, the authentication process is done locally by the AT-S110 using a standard EAPOL transaction.
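
The local (Dial-in User) method described above, modeled as an added example that is not code from the AT-S110 or from Allied Telesis: a port stays closed until a user from the local table answers a challenge, and that user's optional VLAN is applied on success. The EAP-MD5 challenge method, the user table contents, the default VLAN and all names are assumptions made for the illustration; the page does not state which EAP method the switch uses.

```python
import hashlib
import hmac
import os

# Constructed local user table: name -> (password, optional VLAN ID or None).
LOCAL_USERS = {
    "alice": ("correct horse", 20),
    "bob": ("battery staple", None),
}

def md5_challenge_response(identifier, password, challenge):
    """EAP-MD5 response value (RFC 3748 / CHAP): MD5(id || password || challenge)."""
    return hashlib.md5(bytes([identifier]) + password.encode() + challenge).digest()

class Port:
    """One switch port acting as 802.1x authenticator with a local user table."""

    def __init__(self, default_vlan=1):
        self.default_vlan = default_vlan  # assumed VLAN for users with no VLAN entry
        self.authorized = False   # port blocks data traffic until logon succeeds
        self.vlan = None
        self._pending = None      # (user, identifier, challenge) awaiting a response

    def start(self, user, identifier=1):
        """Supplicant sent its identity; close the port and issue a fresh challenge."""
        self.authorized, self.vlan = False, None
        challenge = os.urandom(16)
        self._pending = (user, identifier, challenge)
        return identifier, challenge

    def respond(self, response):
        """Check the supplicant's response; open the port only on a match."""
        if self._pending is None:
            return False          # no outstanding challenge, e.g. a replayed response
        user, identifier, challenge = self._pending
        self._pending = None      # a challenge is single-use
        entry = LOCAL_USERS.get(user)
        # Unknown users still get a hash computed, so both paths do similar work.
        password, vlan = entry if entry else ("", None)
        expected = md5_challenge_response(identifier, password, challenge)
        if entry and hmac.compare_digest(expected, response):
            self.authorized = True
            self.vlan = vlan if vlan is not None else self.default_vlan
        return self.authorized

    def forwards_data(self):
        """Data frames pass only on an authorized port."""
        return self.authorized
```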

Note

RADIUS with Extensible Authentication Protocol (EAP) extensions is the only supported authentication server for this feature.

268

Allied Telesis AT-S110, AT-GS950/10PS manual Port Access Control