Identifying the user
Using DHCP snooping to track clients
If your DHCP server supports it, you can use “option 82” to record more information about DHCP clients. This enhances your ability to track users. The switch can pass option 82 information to the DHCP server so that the server can record the switch MAC, switch port, VLAN number and
Example: To pass option 82 information to the server, including the information that port 1 is room 101, use the following commands in addition to the configuration given in “Setting up DHCP snooping” on page 16.
enable dhcpsnooping option82
set dhcpsnooping port=1 subscriberid="Room 101"
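How a DHCP server or log pipeline could decode the option 82 payload it receives, as an added example that is not from the original note. The sub-option codes follow RFC 3046 and RFC 3993; the byte layout inside the circuit ID and remote ID and the sample values are assumptions, so check them against a capture from your own switch.

```python
import struct

# Sub-option codes inside DHCP option 82 (RFC 3046; Subscriber-ID is RFC 3993).
SUBOPTION_NAMES = {1: "circuit_id", 2: "remote_id", 6: "subscriber_id"}


def parse_option82(payload: bytes) -> dict:
    """Split the option 82 payload into its sub-options (code, length, value)."""
    fields, offset = {}, 0
    while offset < len(payload):
        if offset + 2 > len(payload):
            raise ValueError("truncated sub-option header")
        code, length = payload[offset], payload[offset + 1]
        value = payload[offset + 2:offset + 2 + length]
        if len(value) != length:
            raise ValueError(f"sub-option {code} claims {length} bytes, {len(value)} present")
        fields[SUBOPTION_NAMES.get(code, f"unknown_{code}")] = value
        offset += 2 + length
    return fields


def describe_client(payload: bytes) -> dict:
    """Turn raw sub-options into the record an operator would log with the lease."""
    raw = parse_option82(payload)
    record = {}
    if "remote_id" in raw:
        # ASSUMED layout: type byte, length byte, then the 6-byte switch MAC.
        record["switch_mac"] = raw["remote_id"][-6:].hex(":")
    if "circuit_id" in raw and len(raw["circuit_id"]) >= 4:
        # ASSUMED layout: last four bytes are VLAN ID and port, 16 bits each.
        record["vlan"], record["port"] = struct.unpack("!HH", raw["circuit_id"][-4:])
    if "subscriber_id" in raw:
        record["subscriber_id"] = raw["subscriber_id"].decode("ascii", "replace")
    return record


# Constructed sample: VLAN 10, port 1, switch MAC 02:00:00:00:00:01, "Room 101".
SAMPLE = (
    bytes([1, 6, 0, 4]) + struct.pack("!HH", 10, 1)
    + bytes([2, 8, 0, 6]) + bytes.fromhex("020000000001")
    + bytes([6, 8]) + b"Room 101"
)

if __name__ == "__main__":
    print(describe_client(SAMPLE))
```

A payload whose sub-option length runs past the end of the option is rejected rather than partially decoded, so a malformed or truncated option never produces a misleading location record.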
Using ARP security
When you enable ARP security, the switch drops ARP packets received on
ARP security stops clients that are directly attached to the switch from using IP spoofing or ARP poisoning. It also protects
Example: To turn on ARP security, use the following command in addition to the configuration given in “Setting up DHCP snooping”, above.
enable dhcpsnooping arpsecurity
Using 802.1x port authentication
With 802.1x port authentication, hosts must authenticate themselves when they attempt to access a network through an Ethernet port.
Unlike DHCP snooping, 802.1x only authenticates users when they access the port. It cannot track them afterwards.
Products: All switches listed on page 2
Software Versions: 2.6.1 and later
A network controller, such as a RADIUS server, controls the authentication. The Allied Telesis switch facilitates the host-to-server communication and takes note of success or failure. Essentially, the host is completely denied access to the Ethernet until the switch sees the host successfully authenticate with the server. After that, the switch allows packets to and from the host to pass through the 802.1x controlled port.
802.1x can also dynamically assign the host to a VLAN.
Examples: For examples of 802.1x authentication, see the following How To Notes:
• How to Configure A Secure School Network Based On 802.1x
• How To Use 802.1x VLAN Assignment
• How To Use 802.1x
• How To Use 802.1x Security with
Most of the above Notes describe how to configure the authentication server and the host, as well as the switch.
Create A Secure Network With Allied Telesis Managed Layer 3 Switches | 17 |