Cisco SG200-26P 26-port Gigabit PoE Smart Switch Maintenance Manual
Security
802.1X
Cisco Small Business SF200E Series Advanced Smart Switch
802.1X
Local Area Networks (LANs) are often deployed in environments that permit
unauthorized devices to be physically attached to the LAN infrastructure, or permit
unauthorized users to attempt to access the LAN through equipment already
attached. In such environments, it might be desirable to restrict access to the
services offered by the LAN to those users and devices that are permitted to use
those services.
Port-based access control provides a method for networks to control whether
hosts can access services provided by a connected port. You can configure the
switch to use port-based network access control based on the IEEE 802.1x
protocol.
The 802.1x protocol defines three types of entities:
• Supplicant: An entity that requests access to a port at the remote end of the
  link. The supplicant provides credentials to the network that another node
  on the network—the authenticator—uses to request authentication from a
  server.
• Authenticator: An entity that facilitates the authentication of the supplicant
  on the remote end of a link. An authenticator grants port access to a
  supplicant if the authentication succeeds.
• Authentication Server: A server, such as a RADIUS server, that performs the
  authentication on behalf of the authenticator, and indicates whether the
  supplicant is authorized to access services provided via the authenticating
  port.
In the authentication process, 802.1X supports Extensible Authentication Protocol
(EAP) over LANs (EAPOL) message exchanges between supplicants and
authenticators.
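The EAPOL exchange between supplicant and authenticator, as an added example that is not part of the Cisco manual: a Python sketch that parses EAPOL frames and replays them to track whether a port would end up authorized. The function names, MAC addresses and the identity "alice" are assumptions made for illustration, the frame layout follows the standard EAPOL and EAP headers, and the sample omits the method-specific rounds that sit between Identity and Success in a real exchange.

```python
import struct

EAPOL_ETHERTYPE = 0x888E  # EtherType used by EAP over LANs (EAPOL)
EAPOL_TYPES = {0: "EAP-Packet", 1: "EAPOL-Start", 2: "EAPOL-Logoff", 3: "EAPOL-Key"}
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}

def parse_eapol(frame: bytes):
    """Return (eapol_type, eap_code) for an Ethernet frame, or None if it is not EAPOL."""
    if len(frame) < 18 or struct.unpack("!H", frame[12:14])[0] != EAPOL_ETHERTYPE:
        return None
    _version, ptype, length = struct.unpack("!BBH", frame[14:18])
    body = frame[18:18 + length]
    if len(body) < length:
        raise ValueError("truncated EAPOL body")
    if ptype != 0:  # Start, Logoff and Key frames carry no EAP packet
        return EAPOL_TYPES.get(ptype, f"unknown({ptype})"), None
    if length < 4:
        raise ValueError("EAP packet shorter than its 4-byte header")
    code, _ident, eap_len = struct.unpack("!BBH", body[:4])
    if not 4 <= eap_len <= length:
        raise ValueError("EAP length field disagrees with EAPOL length")
    return "EAP-Packet", EAP_CODES.get(code, f"unknown({code})")

def port_authorized(frames, authenticator_mac: bytes) -> bool:
    """Replay frames seen on one port; True if the port ends up authorized."""
    authorized = False
    for frame in frames:
        parsed = parse_eapol(frame)
        if parsed is None:
            continue
        src = frame[6:12]
        if src == authenticator_mac and parsed[1] == "Success":
            authorized = True   # verdict relayed from the authentication server
        elif src == authenticator_mac and parsed[1] == "Failure":
            authorized = False
        elif src != authenticator_mac and parsed[0] == "EAPOL-Logoff":
            authorized = False  # supplicant ended its session
    return authorized

def make_frame(src: bytes, dst: bytes, ptype: int, body: bytes = b"") -> bytes:
    """Build a constructed EAPOL frame (protocol version 2) for the sample below."""
    return dst + src + struct.pack("!HBBH", EAPOL_ETHERTYPE, 2, ptype, len(body)) + body

# Constructed sample: MAC addresses and the identity "alice" are made up.
PAE, SUP, SW = (bytes.fromhex(h) for h in ("0180c2000003", "020000000001", "020000000002"))
SUCCESS = struct.pack("!BBH", 3, 2, 4)
SAMPLE = [
    make_frame(SUP, PAE, 1),                                           # EAPOL-Start
    make_frame(SW, SUP, 0, struct.pack("!BBHB", 1, 1, 5, 1)),          # Request/Identity
    make_frame(SUP, PAE, 0, struct.pack("!BBHB", 2, 1, 10, 1) + b"alice"),  # Response/Identity
    make_frame(SW, SUP, 0, SUCCESS),                                   # EAP-Success
]
```

Only a Success sent from the authenticator's address opens the port in this model, so an EAP-Success frame injected from the supplicant side leaves it unauthorized.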
A switch port can be configured either as an authenticator or a supplicant, but not
both.
See the following topics for more information on the configuration pages available
in the Security > 802.1X menu.
•
•
•