ES-2048 User’s Guide

CHAPTER 16

Port Authentication

This chapter describes the 802.1x authentication method and RADIUS server connection setup. See Section 33.9 on page 259 for information on how to use the commands to configure additional Radius server settings as well as multiple Radius server configuration.

16.1 Port Authentication Overview

IEEE 802.1x is an extended authentication protocol2 that allows support of RADIUS (Remote Authentication Dial In User Service, RFC 2138, 2139) for centralized user profile and accounting management on a network RADIUS server.

16.1.1 RADIUS

RADIUS (Remote Authentication Dial-In User Service) authentication is a popular protocol used to authenticate users by means of an external server instead of (or in addition to) an internal device user database that is limited to the memory capacity of the device. In essence, RADIUS authentication allows you to validate an unlimited number of users from a central location.

Figure 52 RADIUS Server

16.1.1.1 Vendor Specific Attribute

A Vendor Specific Attribute (VSA) is an attribute-value pair that is sent between a RADIUS server and the switch. Configure VSAs on the RADIUS server to set the switch to perform the following actions on an authenticated user:

Limit bandwidth on incoming or outgoing traffic

Assign account privilege levels

2.At the time of writing, only Windows XP of the Microsoft operating systems supports it. See the Microsoft web site for information on other Windows operating system support. For other operating systems, see its documentation. If your operating system does not support 802.1x, then you may need to install 802.1x client software.

Chapter 16 Port Authentication

131