Chapter 10: 802.1x Port-based Network Access Control
134 Section I: Using the Menus Interface
Allied Telesyn does not support connecting more than one supplicant
to an authenticator port on the switch. The switch allows only one
supplicant to log on per port.
Note
Connecting multiple supplicants to a switch port set to the Auto
setting does not conform to the IEEE 802.1x standard. This can
introduce security risks and can result in undesirable switch
behavior. To avoid this, Allied Telesyn recommends use the Force-
authorized setting on those ports that are connected to more than
one end node, such as a port connected to another switch or to a
hub.
A username and password combination is not tied to the MAC address
of an end node. This allows end users to use the same username and
password when working at different workstations.
After a supplicant has successfully logged on, the MAC address of the
end node is added to the switch’s MAC address table as an
authenticated address. It remains in the table until the end user logs off
the network. The address is not timed out, even if the end node
becomes inactive.
Note
End users of port-based access control should be instructed to
always log off when they are finished with a work session. This
prevents unauthorized individuals from accessing the network
through unattended network workstations.
There should be only one port in the authenticator port control setting
of Auto between a client and the authentication server.