User Manual

3-15. 802.1X Configuration

802.1X port-based network access control provides a method to restrict users to access network resources via authenticating user’s information. This restricts users from gaining access to the network resources through a 802.1X- enabled port without authentication. If a user wishes to touch the network through a port under 802.1X control, he (she) must firstly input his (her) account name for authentication and waits for gaining authorization before sending or receiving any packets from a 802.1X-enabled port.

Before the devices or end stations can access the network resources through the ports under 802.1X control, the devices or end stations connected to a controlled port send the authentication request to the authenticator, the authenticator pass the request to the authentication server to authenticate and verify, and the server tell the authenticator if the request get the grant of authorization for the ports.

According to IEEE802.1X, there are three components implemented. They are Authenticator, Supplicant and Authentication server shown in Fig. 3-53.

Supplicant:

It is an entity being authenticated by an authenticator. It is used to communicate with the Authenticator PAE (Port Access Entity) by exchanging the authentication message when the Authenticator PAE request to it.

Authenticator:

An entity facilitates the authentication of the supplicant entity. It controls the state of the port, authorized or unauthorized, according to the result of authentication message exchanged between it and a supplicant PAE. The authenticator may request the supplicant to re-authenticate itself at a configured time period. Once start re-authenticating the supplicant, the controlled port keeps in the authorized state until re-authentication fails.

A port acting as an authenticator is thought to be two logical ports, a controlled port and an uncontrolled port. A controlled port can only pass the packets when the authenticator PAE is authorized, and otherwise, an uncontrolled port will unconditionally pass the packets with PAE group MAC address, which has the value of 01-80-c2-00-00-03 and will not be forwarded by MAC bridge, at any time.

Authentication server:

A device provides authentication service, through EAP, to an authenticator by using authentication credentials supplied by the supplicant to determine if the supplicant is authorized to access the network resource.

Publication date: January, 2006

Revision A2

114

Page 121 Page 123
Page 122
Image 122
KTI Networks KGS-2416 user manual 15 .1X Configuration
Page 121 Page 123

KGS-2416 specifications

KTI Networks KGS-2416 is a sophisticated Ethernet switch designed to meet the demands of modern networking environments. This device is particularly ideal for enterprises requiring robust performance for an expanding network infrastructure. With 24 10/100/1000Base-T ports and 2 gigabit SFP (Small Form-factor Pluggable) uplink ports, the KGS-2416 provides ample connectivity options suitable for a variety of applications, including servers, workstations, and other network devices.

One of the standout features of the KGS-2416 is its support for Layer 2 switching, which enhances data traffic management by enabling the configuration of VLANs (Virtual Local Area Networks). This capability allows network administrators to segment traffic and improve overall network performance and security. The switch supports IEEE 802.1Q VLAN tagging, allowing for up to 4096 VLANs to be configured, thus ensuring flexible network design and management.

Additionally, the KGS-2416 supports advanced traffic management features such as Quality of Service (QoS). This technology prioritizes critical network traffic, ensuring smooth and uninterrupted service for voice, video, and data applications. With support for multiple QoS standards, administrators can tailor the performance of their networks based on their specific needs.

Power over Ethernet (PoE) capability is another significant feature of the KGS-2416, allowing users to deliver both data and power over a single Ethernet cable to powered devices. This capability simplifies wiring and reduces the need for additional power supplies, making it an ideal solution for deploying IP cameras, wireless access points, and VoIP phones.

The switch is designed with an intuitive user interface that makes configuration and management hassle-free. It can be managed through both web-based GUI and command-line interface (CLI), providing flexibility for various administrative preferences. Moreover, the device supports SNMP (Simple Network Management Protocol), allowing for seamless integration into existing network management systems.

In terms of reliability, the KGS-2416 boasts features like redundant power supply options and a fanless design for silent operation. This makes it a reliable choice for environments where noise and downtime must be minimized. Overall, the KTI Networks KGS-2416 is an excellent choice for organizations looking for a feature-rich, reliable, and efficient Ethernet switch to power their networking needs.
Top Page Image Contents