GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches

Access control is achieved by enforcing authentication of supplicants that are attached to a controlled ports of the authenticator. The result of the authentication process determines whether the supplicant is authorized to access services on that controlled port.

A port access entity (PAE) is able to adopt one of the following roles within an access control interaction:

Authenticator. A port that enforces authentication before allowing access to services available through that port.

Supplicant. A port that attempts to access services offered by the authenticator.

Authentication server. Performs the authentication function necessary to check the credentials of the supplicant on behalf of the authenticator.

All three roles are required in order to complete an authentication exchange.

The switch supports the authenticator role only, in which the PAE is responsible for communicating with the supplicant. The authenticator PAE is also responsible for submitting the information received from the supplicant to the authentication server so that the credentials can be checked, which determines the authorization state of the port. The authenticator PAE controls the authorized or unauthorized state of the controlled port depending on the outcome of the RADIUS-based authentication process.

Supplicant

Authenticator

 

switch

 

Authentication

 

server (RADIUS)

 

192.168.10.23

Supplicant

Sample 802.1x Configuration

This example shows how to configure the switch so that 802.1x-based authentication is required on the ports in a corporate conference room (g1–g8). These ports are available to visitors and need to be authenticated before they are granted access to the network. The authentication is handled by an external RADIUS server. When the visitor is successfully authenticated, traffic is automatically assigned to the guest VLAN. This example assumes that a VLAN has been configured with a VLAN ID of 150 and VLAN name of Guest.

1.In the Port Authentication screen, select ports g1 through g8.

2.From the Port Control list, select Unauthorized.

The Port Control setting for all other ports where authentication is not needed must be Authorized. When the Port Control setting is Authorized, the port is unconditionally put in

264

Page 263 Page 265
Page 264
Image 264
NETGEAR GS752TP, GS728TPP manual Sample 802.1x Configuration
Page 263 Page 265
Top Page Image Contents