Allied Telesis AT-S63 User Manual
AT-S63 Management Software Features Guide
Section VIII: Port Security
363
Authenticator Ports with Single and Multiple Supplicants
An authenticator port has two operating modes. The modes relate to the
number of clients using the port and, in situations where an authenticator
port is supporting more than one client, whether just one client or all the
clients must log on to use the switch port.
number of clients using the port and, in situations where an authenticator
port is supporting more than one client, whether just one client or all the
clients must log on to use the switch port.
The operating modes are:
Single
Multiple
Single Operating
Mode
The Single operating mode is used in two situations. The first is when an
authenticator port supports only one client. In this scenario, the switch
allows only one client to log on and use the port.
authenticator port supports only one client. In this scenario, the switch
allows only one client to log on and use the port.
You can also use the Single mode when an authenticator port supports
more than one client, but where only one client needs to log on in order for
all clients to use the port. This configuration can be useful in situations
where you want to add 802.1x Port-based Network Access Control to a
switch port that is supporting multiple clients, but want to avoid having to
create individual accounts for all the clients on the RADIUS server.
more than one client, but where only one client needs to log on in order for
all clients to use the port. This configuration can be useful in situations
where you want to add 802.1x Port-based Network Access Control to a
switch port that is supporting multiple clients, but want to avoid having to
create individual accounts for all the clients on the RADIUS server.
This is referred to as “piggy-backing.” After one client has successfully
logged, the port permits the other clients to piggy-back onto the initial
client’s log on, allowing all clients to forward packets through the port.
logged, the port permits the other clients to piggy-back onto the initial
client’s log on, allowing all clients to forward packets through the port.
To implement this configuration, you have to set the operating mode of an
authenticator port to Single and also toggle the piggy-back mode feature.
When piggy-back is disabled, only one client is allowed to log on and use
the port. When this feature is enabled, an unlimited number of clients can
use the port after one client has successfully logged on.
authenticator port to Single and also toggle the piggy-back mode feature.
When piggy-back is disabled, only one client is allowed to log on and use
the port. When this feature is enabled, an unlimited number of clients can
use the port after one client has successfully logged on.
Note, however, that should the client who accomplished the initial log on
fail to periodically reauthenticate or log out, the switch port reverts to the
unauthenticated state. It bars all further traffic to and from all the clients on
the port, until the initial client or another client logs on.
fail to periodically reauthenticate or log out, the switch port reverts to the
unauthenticated state. It bars all further traffic to and from all the clients on
the port, until the initial client or another client logs on.
Here are several examples that illustrate the Single operating mode and
the piggy-back mode of an authenticator port. In Figure 40 on page 364,
an authenticator port on a switch, in this case port 6, is connected to a
single client. The authenticator port’s operating mode is set to Single and
the piggy-back feature is disabled so that only one client can use the port
at any one time.
the piggy-back mode of an authenticator port. In Figure 40 on page 364,
an authenticator port on a switch, in this case port 6, is connected to a
single client. The authenticator port’s operating mode is set to Single and
the piggy-back feature is disabled so that only one client can use the port
at any one time.