Chapter 11 Avaya P330 Layer 2 Features

Port Based Network Access Control (PBNAC)

Port Based Network Access Control (IEEE 802.1X) is a method for performing authentication to obtain access to IEEE 802 LANs. The protocol defines an interaction between three entities:

Supplicant — an entity at one end of a point-to-point LAN segment that is being authenticated by an authenticator attached to the other end of that link.

Authenticator — an entity at one end of a point-to-point LAN segment that facilitates authentication of the entity attached to the other end of that link; in this case, the P330.

Authentication (RADIUS) Server — an entity that provides an authentication service to an authenticator. This service determines, from the credentials provided by the supplicant, whether the supplicant is authorized to access the services provided by the authenticator.

The process begins with the supplicant trying to access a certain restricted network resource, and upon successful authentication by the authentication server, the supplicant is granted access to the network resources.

How "Port Based" Authentication Works

802.1X provides a means of authenticating and authorizing users attached to a LAN port and of preventing access to that port in cases where the authentication process fails. The authentication procedure is port based, which means:

access control is achieved by enforcing authentication on connected ports

if an end-point station that connects to a port is not authorized, the port state is set to "unauthorized", which closes the port to any traffic.

As a result of an authentication attempt, the P330 port can be either in a "blocked" or a "forwarding" state.

802.1X interacts with existing standards to perform its authentication operation. Specifically, it makes use of Extensible Authentication Protocol (EAP) messages encapsulated within Ethernet frames (EAPOL), and EAP over RADIUS for the communication between the Authenticator and the Authentication Server.
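The EAPOL encapsulation described above, as an added example that is not part of the Avaya guide: it decodes the Ethernet, EAPOL and EAP headers of a frame and follows an exchange to the resulting "blocked" or "forwarding" port state. The port-state function is a simplified model, not the P330's logic, and the sample frames, MAC addresses and identity are constructed.

```python
import struct

EAPOL_ETHERTYPE = 0x888E  # EtherType for EAP over LAN
EAPOL_TYPES = {0: "EAP-Packet", 1: "EAPOL-Start", 2: "EAPOL-Logoff", 3: "EAPOL-Key"}
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}

def parse_eapol(frame: bytes) -> dict:
    """Decode the Ethernet, EAPOL and (if present) EAP headers of one frame."""
    if len(frame) < 18:
        raise ValueError("frame too short for Ethernet + EAPOL headers")
    ethertype, _version, ptype, body_len = struct.unpack("!HBBH", frame[12:18])
    if ethertype != EAPOL_ETHERTYPE:
        raise ValueError("not an EAPOL frame")
    body = frame[18:18 + body_len]
    if len(body) != body_len:
        raise ValueError("EAPOL body truncated")
    info = {"eapol_type": EAPOL_TYPES.get(ptype, f"unknown({ptype})"), "eap_code": None}
    if ptype == 0:  # EAP-Packet: the EAPOL body is an EAP message
        if body_len < 4:
            raise ValueError("EAP header truncated")
        code, ident, eap_len = struct.unpack("!BBH", body[:4])
        if not 4 <= eap_len <= body_len:
            raise ValueError("EAP length inconsistent with EAPOL body")
        info.update(eap_code=EAP_CODES.get(code, f"unknown({code})"), eap_id=ident)
    return info

def port_state(frames) -> str:
    """Simplified model: the port forwards only after an EAP Success."""
    state = "blocked"  # unauthorized until authentication succeeds
    for frame in frames:
        info = parse_eapol(frame)
        if info["eap_code"] == "Success":
            state = "forwarding"
        elif info["eap_code"] == "Failure" or info["eapol_type"] == "EAPOL-Logoff":
            state = "blocked"
    return state

# Constructed sample frames; MAC addresses and the identity are made up.
PAE = bytes.fromhex("0180c2000003")  # 802.1X PAE group address
SUP, SW = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
def eapol(dst, src, ptype, body=b""):
    return dst + src + struct.pack("!HBBH", EAPOL_ETHERTYPE, 1, ptype, len(body)) + body

def eap(code, ident, data=b""):
    return struct.pack("!BBH", code, ident, 4 + len(data)) + data
START = eapol(PAE, SUP, 1)
ID_REQ = eapol(SUP, SW, 0, eap(1, 1, b"\x01"))  # EAP type 1 = Identity
ID_RESP = eapol(PAE, SUP, 0, eap(2, 1, b"\x01alice"))
SUCCESS, FAILURE = eapol(SUP, SW, 0, eap(3, 2)), eapol(SUP, SW, 0, eap(4, 2))
```

The length checks matter when this kind of decoder is fed captured traffic: a frame whose EAP length exceeds the EAPOL body is rejected rather than read past its end.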

PBNAC Implementation in the P330 Family

This section lists the conditions that govern the implementation of the 802.1X standard in the P330 line:

You can configure PBNAC on the 10/100 Mbps Ethernet ports only.

PBNAC can work only if a RADIUS server is configured on the P330 and the RADIUS server is carefully configured to support 802.1X.

PBNAC and port/intermodule redundancy can co-exist on the same ports.

PBNAC and LAGs can coexist on the same ports.

PBNAC and Spanning Tree can be simultaneously active on a module.

Avaya P333R-LB User’s Guide


P333R-LB specifications

The Avaya P333R-LB is a robust and versatile switch that is part of Avaya's portfolio aimed at enterprise networking solutions. This switch is designed to enhance the performance and scalability of network infrastructure while ensuring high availability and reliability.

One of the main features of the P333R-LB is its Layer 3 switching capability, which allows for efficient routing within an organization's network. This capability is particularly beneficial for organizations with multiple VLANs, as it simplifies the routing process and ensures that data packets are transmitted in the most efficient manner possible.

The P333R-LB is equipped with advanced Quality of Service (QoS) features to prioritize traffic based on the type of application being used. This ensures that critical applications, such as VoIP and video conferencing, receive the necessary bandwidth and low latency required for optimal performance. Additionally, it supports both IPv4 and IPv6 protocols, making it adaptable to a variety of networking environments.

Another important feature of the Avaya P333R-LB is its stackable design. This allows multiple switches to be interconnected, creating a single logical unit. This stacking capability not only simplifies management but also increases overall network capacity and redundancy. In case of a hardware failure, the stack can continue operating without interruption, maintaining network integrity and service continuity.

The switch also integrates advanced security features, including support for MAC filtering, access control lists, and port security. These features help to safeguard network resources from unauthorized access and potential threats. Moreover, the P333R-LB supports 802.1X port-based authentication, which adds an additional layer of security during user access to the network.

The Avaya P333R-LB comes with multiple Gigabit Ethernet ports, allowing for high-speed connectivity to devices such as servers, workstations, and IP phones. This ensures that all devices on the network can communicate effectively, supporting the demands of modern enterprise environments.

For management and monitoring, the P333R-LB offers a user-friendly web interface along with SNMP support, enabling network administrators to easily configure settings and monitor network performance. This simplicity in management is crucial for IT teams that need to ensure optimal network performance while minimizing downtime.

In summary, the Avaya P333R-LB is a feature-rich, scalable, and reliable switch that meets the needs of demanding enterprise networks. With its advanced technologies, QoS support, stackable design, robust security features, and high-speed connectivity options, the P333R-LB is positioned to support a wide range of applications and enhance overall network performance.