Contents
Section VIII: Port Security
  Chapter 35: MAC Address-based Port Security
    Supported Platforms
    Overview
      Automatic
      Limited
      Secured
      Locked
    Invalid Frames and Intrusion Actions
    Guidelines
  Chapter 36: 802.1x Port-based Network Access Control
    Supported Platforms
    Overview
    Authentication Process
    Port Roles
      None Role
      Authenticator Role
      Supplicant Role
    Authenticator Ports with Single and Multiple Supplicants
      Single Operating Mode
      Multiple Operating Mode
    Supplicant and VLAN Associations
      Single Operating Mode
      Multiple Operating Mode
      Supplicant VLAN Attributes on the RADIUS Server
    Guest VLAN
    RADIUS Accounting
    General Steps
    Guidelines
Section IX: Management Security
  Chapter 37: Web Server
    Supported Platforms
    Overview
      Supported Protocols
    Configuring the Web Server for HTTP
    Configuring the Web Server for HTTPS
      General Steps for a Self-signed Certificate
      General Steps for a Public or Private CA Certificate
  Chapter 38: Encryption Keys
    Supported Platforms
    Overview
    Encryption Key Length
    Encryption Key Guidelines
    Technical Overview
      Data Encryption
      Data Authentication
      Key Exchange Algorithms