DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual
Understanding 802.1X Port-based and Host-based Network Access Control
The original intent behind the development of 802.1X was to leverage the point-to-point characteristics of LANs, in which any single LAN segment has no more than two devices attached to it, one of which is a Bridge Port. The Bridge Port detects events that indicate the attachment of an active device at the remote end of the link, or an active device becoming inactive. These events can be used to control the authorization state of the Port and initiate the process of authenticating the attached device if the Port is unauthorized. This is Port-Based Network Access Control.
Port-Based Network Access Control
Figure 5-20 Example of Typical Port-Based Configuration
Once the connected device has successfully been authenticated, the Port then becomes Authorized, and all subsequent traffic on the Port is not subject to access control restriction until an event occurs that causes the Port to become Unauthorized. Hence, if the Port is actually connected to a shared media LAN segment with more than one attached device, successfully authenticating one of the attached devices effectively provides access to the LAN for all devices on the shared segment. Clearly, the security offered in this situation is open to attack.