Manuals / Avaya / Computer Equipment / Switch

Avaya P3343T-ML Port Based Network Access Control PBNAC, How “Port Based” Authentication Works

Models: P3343T-ML

1 178
Download 178 pages 4.71 Kb
Page 104
Image 104
Port Based Network Access Control (PBNAC)

Chapter 11 Avaya P330 Layer 2 Features

Port Based Network Access Control (PBNAC)

Port Based Network Access Control (IEEE 802.1X) is a method for performing authentication to obtain access to IEEE 802 LANs. The protocol defines an interaction between 3 entities:

Supplicant — an entity at one end of a point-to-point LAN segment that is being authenticated by an authenticator attached to the other end of that link.

Authenticator — an entity at one end of a point-to-point LAN segment that facilitates authentication of the entity attached to the other end of that link; in this case, the P330.

Authentication (RADIUS) Server — an entity that provides an authentication service to an authenticator. This service determines, from the credentials provided by the supplicant, whether the supplicant is authorized to access the services provided by the authenticator.

The process begins with the supplicant trying to access a certain restricted network resource, and upon successful authentication by the authentication server, the supplicant is granted access to the network resources.

How “Port Based” Authentication Works

802.1X provides a means of authenticating and authorizing users attached to a LAN port and of preventing access to that port in cases where the authentication process fails. The authentication procedure is port based, which means:

access control is achieved by enforcing authentication on connected ports

if an end-point station that connects to a port is not authorized, the port state is set to “unauthorized” which closes the port to any traffic.

As a result of an authentication attempt, the P330 port can be either in a “blocked” or a “forwarding” state.

802.1X interacts with existing standards to perform its authentication operation. Specifically, it makes use of Extensible Authentication Protocol (EAP) messages encapsulated within Ethernet frames (EAPOL), and EAP over RADIUS for the communication between the Authenticator and the Authentication Server.

PBNAC Implementation in the P330 Family

This section lists the conditions that govern the implementation of the 802.1X standard in the P330 line:

You can configure PBNAC on the 10/100 Mbps Ethernet ports only.

PBNAC can work only if a RADIUS server is configured on the P330 and the RADIUS server is carefully configured to support 802.1X.

PBNAC and port/intermodule redundancy can co-exist on the same ports.

PBNAC and LAGs can coexist on the same ports.

PBNAC and Spanning Tree can be simultaneously active on a module.

If either PBNAC or STP/RSTP are in a blocking state, the final state of the port

88

Avaya P334T-ML User’s Guide

Page 103 Page 105
Page 104
Image 104
Avaya P3343T-ML manual Port Based Network Access Control PBNAC, How “Port Based” Authentication Works
Page 103 Page 105