Overview of Security Methods

Table 3-2 Authentication Terms and Abbreviations (Continued)

Term                    Definition

Authentication Server   Provides authentication service to an authenticator. This service determines, by the credentials the supplicant provides, whether a supplicant is authorized to access services provided by the authenticator. The authentication server can be co-located with an authenticator or can be accessed remotely.

Supplicant              The entity (user machine) that is trying to be authenticated by an authenticator attached to the other end of that link.

3.4.2.2 802.1X Security Overview

The Enterasys Networks’ SmartSwitch 2200 Series modules support the following 802.1X and EAP security and authentication features to:

Authenticate hosts that are connected to dedicated switch ports.

Authenticate based on single-user hosts. (If a host is a time-shared Unix or VMS system, successful authentication by any user will allow all users access to the network.)

Allow users to authenticate themselves by logging in with user names and passwords, token cards, or other high-level identification. Thus, a system manager does not need to spend hours setting low-level MAC address filters on every edge switch to simulate user-level access controls.

Divide system functionality between supplicants (user machines), authenticators, and authentication servers. Authenticators reside in edge switches. They shuffle messages and tell the switch when to grant or deny access, but do not validate logins. User validation is the job of authentication servers. This separation of functions allows network managers to put authentication servers on central servers.

Use the 802.1X protocol to communicate between the authenticator and the supplicant. The 802.1X frame format includes extra data fields within a LAN frame. Note that 802.1X frames cannot be routed; the exchange is confined to the link between the supplicant and the authenticator.

Use the 802.1X protocol to communicate between the authenticator and the authentication server. The specific protocol that runs between these components (e.g., RADIUS-encapsulated EAP) is not specified and is implementation-dependent.
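The three-role split described above, as an added example that is not part of the original manual or of Enterasys firmware: a Python model in which the supplicant answers the authenticator's EAP requests, the authenticator only relays them to the authentication server and sets the port state according to the server's verdict, and the server alone holds and checks credentials. The message layout, the HMAC challenge-response, and the user database are constructed simplifications (assumptions), not the real EAP or RADIUS wire formats.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass

# Constructed credential store held only by the authentication server (placeholder values).
USER_DB = {"alice": b"correct horse battery staple"}


@dataclass
class EapMessage:
    """Simplified EAP message: just the fields needed to show the exchange.
    Illustrative shape only, not the real EAP encoding."""
    code: str          # "Request", "Response", "Success" or "Failure"
    kind: str          # "Identity", "Challenge" or "Result"
    payload: bytes = b""


class AuthenticationServer:
    """Validates logins. This is the only component that sees the credential database."""

    def __init__(self, users):
        self.users = users
        self.pending = {}  # identity -> outstanding challenge nonce

    def handle(self, msg):
        if msg.kind == "Identity":
            identity = msg.payload.decode()
            nonce = os.urandom(16)
            self.pending[identity] = nonce
            # Challenge carries "identity|nonce"; identities contain no '|'.
            return EapMessage("Request", "Challenge", identity.encode() + b"|" + nonce)
        if msg.kind == "Challenge":
            identity, answer = msg.payload.split(b"|", 1)
            identity = identity.decode()
            nonce = self.pending.pop(identity, None)
            secret = self.users.get(identity)
            if nonce is None or secret is None:
                return EapMessage("Failure", "Result")
            expected = hmac.new(secret, nonce, hashlib.sha256).digest()
            if hmac.compare_digest(expected, answer):
                return EapMessage("Success", "Result")
            return EapMessage("Failure", "Result")
        return EapMessage("Failure", "Result")


class Authenticator:
    """Edge-switch component: relays EAP messages and controls the port.
    It never validates credentials itself."""

    def __init__(self, server):
        self.server = server
        self.port_authorized = False

    def start(self):
        # An EAPOL-Start from the supplicant is answered with EAP-Request/Identity.
        return EapMessage("Request", "Identity")

    def relay(self, response):
        # Forward the supplicant's response to the server and pass its reply back.
        reply = self.server.handle(response)
        if reply.code == "Success":
            self.port_authorized = True
        elif reply.code == "Failure":
            self.port_authorized = False
        return reply

    def forward_frame(self, frame):
        # Port-based control: once the port is authorized, every frame on it passes,
        # whichever user on the attached host sent it.
        return self.port_authorized


class Supplicant:
    """User machine holding one identity and its secret."""

    def __init__(self, identity, secret):
        self.identity = identity
        self.secret = secret

    def respond(self, request):
        if request.kind == "Identity":
            return EapMessage("Response", "Identity", self.identity.encode())
        if request.kind == "Challenge":
            identity, nonce = request.payload.split(b"|", 1)
            answer = hmac.new(self.secret, nonce, hashlib.sha256).digest()
            return EapMessage("Response", "Challenge", identity + b"|" + answer)
        raise ValueError("unexpected EAP request")


def authenticate(supplicant, authenticator):
    """Run the exchange until Success or Failure; return the resulting port state."""
    msg = authenticator.start()
    while msg.code == "Request":
        msg = authenticator.relay(supplicant.respond(msg))
    return authenticator.port_authorized


if __name__ == "__main__":
    switch_port = Authenticator(AuthenticationServer(USER_DB))
    print("alice authorized:", authenticate(Supplicant("alice", USER_DB["alice"]), switch_port))
    print("frame from another user on the same host passes:", switch_port.forward_frame(b"..."))
```

`forward_frame` makes the manual's single-user-host caveat concrete: the authorization state belongs to the port, so after any successful login all traffic on that port is admitted, which is why a time-shared host behind the port gives every one of its users network access.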

3-16 Accessing Local Management

Page 54
Image 54
Enterasys Networks 2H252, 2E253, 2H253, 2H258 manual 2.2 802.1X Security Overview