4-2-8. 802.1X

802.1x port-based network access control provides a method to restrict users to access network resources via authenticating user’s information. This restricts users from gaining access to the network resources through a 802.1x-enabled port without authentication. If a user wishes to touch the network through a port under 802.1x control, he (she) must firstly input his (her) account name for authentication and waits for gaining authorization before sending or receiving any packets from a 802.1x-enabled port.

Before the devices or end stations accessing the network resources through the ports under 802.1x control, the devices or end stations connects to a controlled port by sending the authentication request to the authenticator, the authenticator passes the request to the authentication server to authenticate and verify, and the server tells the authenticator if the request get the grant of authorization for the ports.

According to IEEE802.1x, there are three components implemented. They are Authenticator, Supplicant and Authentication server shown in Fig. 4-13.

Supplicant:

It is an entity being authenticated by an authenticator. It is used to communicate with the Authenticator PAE (Port Access Entity) by exchanging the authentication message when the Authenticator PAE request is sent to it.

Authenticator:

An entity facilitates the authentication of the supplicant entity. It controls the state of the port, authorized or unauthorized, according to the result of authentication message exchanged between it and a supplicant PAE. The authenticator may request the supplicant to re-authenticate itself at a configured time period. Once start re-authenticating the supplicant, the controlled port keeps in the authorized state until re-authentication fails.

A port acting as an authenticator is thought to be two logical ports, a controlled port and an uncontrolled port. The controlled port can only pass the packets when the authenticator PAE is authorized, and on the other hand, the uncontrolled port will unconditionally pass the packets with PAE group MAC address, which has the value of 01-80-c2-00-00-03 and will not be forwarded by MAC bridge, at any time.

Authentication server:

A device provides authentication service, through EAP (Extensible Authentication Protocol), to an authenticator by using authentication credentials supplied by the supplicant to determine if the supplicant is authorized to access the network resource.

The overview of operation flow for the Fig. 4-13 is quite simple. When Supplicant PAE issues a request to Authenticator PAE, the Authenticator and Supplicant will exchange authentication message. Then, the Authenticator passes request to RADIUS server to verify. Finally, RADIUS server replies if the request is granted or denied.

62

Page 68
Image 68
Edimax Technology ES-5240G+ user manual

ES-5240G+ specifications

Edimax Technology ES-5240G+ is a highly versatile and efficient Ethernet switch designed to cater to the networking needs of small to medium-sized businesses and home offices. With its robust features and reliable performance, this switch is an essential component for a seamless network infrastructure.

One of the standout features of the ES-5240G+ is its 24 10/100/1000Mbps Gigabit Ethernet ports. This allows for high-speed connectivity, enabling users to transfer large files quickly and efficiently. The switch is equipped with a non-blocking architecture, ensuring that all ports can be utilized simultaneously without any reduction in bandwidth. This is particularly beneficial for businesses that rely on high-speed internet and internal networks for their daily operations.

The ES-5240G+ supports advanced Layer 2 switching features, including VLAN (Virtual Local Area Network) support, port mirroring, and link aggregation. These features enhance network management and optimization, making it easier to segment network traffic and improve security. With VLAN support, users can create separate networks within the same switch, leading to improved performance and reduced broadcast traffic.

Moreover, the ES-5240G+ incorporates IEEE 802.3x Flow Control, which helps to prevent data loss during heavy traffic periods. This technology allows for effective communication between devices and ensures smooth data transmission, even in congested network environments. Additionally, the switch is equipped with Automatic MDI/MDI-X detection, eliminating the need for crossover cables and simplifying installation.

From a security perspective, Edimax has included features such as address filtering and port security, which help to protect the network from unauthorized access. The switch can restrict access to specific MAC addresses, providing an added layer of security for sensitive data.

In terms of energy efficiency, the ES-5240G+ is designed to comply with IEEE 802.3az Energy Efficient Ethernet standards. This technology helps to reduce power consumption during low-traffic periods, making it an eco-friendly choice for businesses looking to minimize their carbon footprint.

Overall, Edimax Technology ES-5240G+ stands out as a reliable and efficient Ethernet switch, equipped with a range of features that enhance network performance and security. Its capabilities make it an ideal choice for businesses seeking to streamline their networking infrastructure and improve operational efficiency.