Allied Telesis AT-S111 User Manual

Chapter 21: Security
Port Access Control
This section contains information and configuration procedures for 
Port-based Access Control. The following information is provided: 
Note
After configuring the Port-based Network Access Control, you can 
choose to use either the local authentication server in the AT-S111 
for 802.1x authentication or a remote RADIUS server for 802.1x 
authentication. See “Dial-in User— Local Authentication” on 
page 276 or “RADIUS Client” on page 273.
Overview
Port-based Network Access Control (IEEE 802.1x) is used to control who 
can send traffic through and receive traffic from a switch port. With this 
feature, the switch does not allow an end node to send or receive traffic 
through a port until the user of the node logs on by entering a user name 
and password.
This feature can prevent an unauthorized individual from connecting a 
computer to a port or using an unattended workstation to access your 
network resources. Only those users to whom you have assigned a user 
name and password are able to use the switch to access the network.
This feature can be used with one of two authentication methods:
- The RADIUS authentication protocol requires that a 
  remote RADIUS server is present on your network. 
  The RADIUS server performs the authentication of the 
  user name and password combinations. See “Port 
  Access Control Configuration” on page 269 and 
  “RADIUS Client” on page 273 for more information.
- The Dial-in User (local) authentication method allows 
  you to set up the authentication parameters internally 
  in the switch without an external server. In this case, 
  the user name and password combinations are 
  entered in the associated with an optional VLAN when 
  they are defined. Based on these entries, the 
  authentication process is done locally by the AT-S111 
  using a standard EAPOL transaction.
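The EAPOL transaction mentioned above, decoded in Python as an added example (not taken from the manual or the AT-S111 firmware): it parses EAPOL/EAP headers and models the port staying closed until EAP-Success arrives. The MAC addresses, the user name `alice` and the helpers `_frame`/`_eap` are constructed for illustration, and the password (EAP method) exchange is left out.

```python
import struct

EAPOL_ETHERTYPE = 0x888E  # IEEE 802.1X (EAP over LAN)
EAPOL_TYPES = {0: "EAP-Packet", 1: "EAPOL-Start", 2: "EAPOL-Logoff", 3: "EAPOL-Key"}
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}

def parse_eapol(frame: bytes) -> dict:
    """Decode one Ethernet frame carrying EAPOL; raise ValueError if malformed."""
    if len(frame) < 18 or struct.unpack("!H", frame[12:14])[0] != EAPOL_ETHERTYPE:
        raise ValueError("not an EAPOL frame")
    _version, ptype, body_len = struct.unpack("!BBH", frame[14:18])
    body = frame[18:18 + body_len]
    if len(body) != body_len:
        raise ValueError("truncated EAPOL body")
    msg = {"eapol": EAPOL_TYPES.get(ptype, f"unknown({ptype})")}
    if ptype == 0:  # body is an EAP packet: code, identifier, length, [type, data]
        code, ident, eap_len = struct.unpack("!BBH", body[:4].ljust(4, b"\0"))
        if not 4 <= eap_len <= body_len:
            raise ValueError("bad EAP length")
        msg.update(eap=EAP_CODES.get(code, f"unknown({code})"), id=ident)
        if code == 2 and eap_len >= 5 and body[4] == 1:  # Response, type 1 = Identity
            msg["identity"] = body[5:eap_len].decode("utf-8", "replace")
    return msg

def port_authorized(frames) -> tuple:
    """Replay the frames seen on one port; return (authorized, identity)."""
    authorized, identity = False, None  # the port starts closed
    for m in map(parse_eapol, frames):
        if m["eapol"] in ("EAPOL-Start", "EAPOL-Logoff"):
            authorized, identity = False, None  # new session or explicit logoff
        elif "identity" in m:
            identity = m["identity"]
        elif m.get("eap") in ("Success", "Failure"):
            authorized = m["eap"] == "Success" and identity is not None
    return authorized, identity

def _frame(dst, src, ptype, body=b""):  # constructed-sample helper (EAPOL version 1)
    return dst + src + struct.pack("!HBBH", EAPOL_ETHERTYPE, 1, ptype, len(body)) + body

def _eap(code, ident, data=b""):  # constructed-sample helper
    return struct.pack("!BBH", code, ident, 4 + len(data)) + data

# Constructed sample: PAE group address, made-up MAC addresses and user name.
PAE, PC, SW = (bytes.fromhex(h) for h in ("0180c2000003", "020000000001", "020000000002"))
SAMPLE = [
    _frame(PAE, PC, 1),                            # EAPOL-Start from the end node
    _frame(PC, SW, 0, _eap(1, 1, b"\x01")),        # EAP-Request/Identity from the switch
    _frame(PAE, PC, 0, _eap(2, 1, b"\x01alice")),  # EAP-Response/Identity
    _frame(PC, SW, 0, _eap(3, 2)),                 # EAP-Success (password exchange omitted)
]
```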
Note
RADIUS with Extensible Authentication Protocol (EAP) extensions 
is the only supported authentication server for this feature.