Allied Telesis AT-S79 manual 802.1x Port-based Network Access Control Overview

Chapter 10: 802.1x Port-based Network Access Control

802.1x Port-based Network Access Control Overview

802.1x Port-based Network Access Control (IEEE 802.1x) is used to control who can send traffic through and receive traffic from a switch port. With this feature, the switch will not allow an end node to send or receive traffic through a port until the user of the node logs on by entering a username and password.

This feature can prevent an unauthorized individual from connecting a computer to a switch port or using an unattended workstation to access your network resources. Only those users to whom you have assigned a username and password will be able to use the switch to access the network.

This feature must be used with the RADIUS authentication protocol and requires that there be a RADIUS server on your network. The RADIUS server performs the authentication of the username and password combinations.

Note

RADIUS with Extensible Authentication Protocol (EAP) extensions is the only supported authentication server for this feature.

Following are several terms to keep in mind when using this feature.

ˆSupplicant - A supplicant is an end user or end node that wants to access the network through a switch port. A supplicant is also referred to as a client.

ˆAuthenticator - The authenticator is a port on the switch that prohibits network access by a supplicant until the network user has entered a valid username and password.

ˆAuthentication server - The authentication server is the network device that has the RADIUS server software. This is the device that does the actual authenticating of the user names and passwords from the supplicants.

The AT-GS950/16 and AT-GS950/24 switches do not authenticate the usernames and passwords from the end users. Rather, they act as an intermediary between a supplicant and the authentication server during the authentication process.