Chapter 10: 802.1x Port-based Network Access Control

- Allied Telesyn does not support connecting more than one supplicant to an authenticator port on the switch. The switch allows only one supplicant to log on per port.

Note

Connecting multiple supplicants to a switch port set to the Auto setting does not conform to the IEEE 802.1x standard. This can introduce security risks and can result in undesirable switch behavior. To avoid this, Allied Telesyn recommends using the Force-authorized setting on those ports that are connected to more than one end node, such as a port connected to another switch or to a hub.

- A username and password combination is not tied to the MAC address of an end node. This allows end users to use the same username and password when working at different workstations.

- After a supplicant has successfully logged on, the MAC address of the end node is added to the switch’s MAC address table as an authenticated address. It remains in the table until the end user logs off the network. The address is not timed out, even if the end node becomes inactive.

Note

End users of port-based access control should be instructed to always log off when they are finished with a work session. This prevents unauthorized individuals from accessing the network through unattended network workstations.

- There should be only one port in the authenticator port control setting of Auto between a client and the authentication server.
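The following audit sketch is an added example, not part of the Allied Telesyn manual. It checks two of the guidelines above against a port inventory: Auto ports that face a hub or another switch, and clients whose path to the authentication server crosses more than one Auto port. The device names, port numbers and topology are constructed for illustration.

```python
from collections import deque

# Constructed sample topology (hypothetical names, not from the manual).
KIND = {"sw1": "switch", "sw2": "switch", "hub1": "hub", "pc1": "client",
        "pc2": "client", "pc3": "client", "radius": "server"}
# (switch, port) -> (802.1x port control setting, attached device)
PORTS = {
    ("sw1", 1): ("auto", "pc1"),
    ("sw1", 2): ("auto", "hub1"),
    ("sw1", 24): ("force-authorized", "sw2"),
    ("sw2", 1): ("auto", "sw1"),
    ("sw2", 24): ("force-authorized", "radius"),
}
OTHER_LINKS = [("hub1", "pc2"), ("hub1", "pc3")]  # links with no switch port

def multi_node_auto_ports():
    """Auto ports attached to a hub or switch, i.e. to more than one end node."""
    return sorted(p for p, (mode, peer) in PORTS.items()
                  if mode == "auto" and KIND[peer] in ("hub", "switch"))

def path(src, dst):
    """Shortest path between two devices, found by breadth-first search."""
    adj = {name: set() for name in KIND}
    links = [(sw, peer) for (sw, _), (_, peer) in PORTS.items()] + OTHER_LINKS
    for a, b in links:
        adj[a].add(b)
        adj[b].add(a)
    prev, queue = {src: None}, deque([src])
    while queue:
        node = queue.popleft()
        if node == dst:
            hops = []
            while node is not None:
                hops.append(node)
                node = prev[node]
            return hops[::-1]
        for nxt in sorted(adj[node]):
            if nxt not in prev:
                prev[nxt] = node
                queue.append(nxt)
    return []

def auto_ports_on_path(client, server="radius"):
    """Auto ports crossed between a client and the authentication server.
    More than one entry violates the single-Auto-port guideline."""
    hops = path(client, server)
    links = set(zip(hops, hops[1:])) | set(zip(hops[1:], hops))
    return sorted(p for p, (mode, peer) in PORTS.items()
                  if mode == "auto" and (p[0], peer) in links)
```

In the constructed topology, setting sw1 port 2 and sw2 port 1 to Force-authorized clears both findings for pc1, while pc2 and pc3 behind the hub are then no longer authenticated by any port.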

Section I: Using the Menus Interface
