DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual

Client’s MAC Address

The MAC address of the DHCP client. Only multiple legal DHCP servers on the network

 

need to be entered in this field. If there is only one legal DHCP server on the network, no

 

input to this field is allowed.

 

 

Ports

Choose the range of ports that you want to use as the DHCP server, or check the All Ports

 

box if you wish to use all the ports on the switch.

 

 

Click Apply to implement changes.

802.1X

802.1X Port-Based and Host-Based Access Control

The IEEE 802.1X standard is a security measure for authorizing and authenticating users to gain access to various wired or wireless devices on a specified Local Area Network by using a Client and Server based access control model. This is accomplished by using a RADIUS server to authenticate users trying to access a network by relaying Extensible Authentication Protocol over LAN (EAPOL) packets between the Client and the Server. The following figure represents a basic EAPOL packet:

Figure 5 - 14 The EAPOL Packet

Utilizing this method, unauthorized devices are restricted from connecting to a LAN through a port to which the user is connected. EAPOL packets are the only traffic that can be transmitted through the specific port until authorization is granted. The 802.1X Access Control method holds three roles, each of which are vital to creating and upkeeping a stable and working Access Control security method.

Figure 5 - 15 The three roles of 802.1X

The following section will explain the three roles of Client, Authenticator and Authentication Server in greater detail.

Authentication Server

The Authentication Server is a remote device that is connected to the same network as the Client and Authenticator, must be running a RADIUS Server program and must be configured properly on the Authenticator (Switch). Clients

155

Page 166
Image 166
D-Link DGS-3700 802.1X Port-Based and Host-Based Access Control, Authentication Server, Client’s MAC Address