Netgear XCM8810 - 8800 SERIES 10-SLOT CHASSIS SWITCH User's Manual
Chapter 16. Network Login
NETGEAR 8800 User Manual
802.1x Authentication
802.1x authentication methods govern interactions between the supplicant (client) and the
authentication server. The most commonly used methods are Transport Layer Security
(TLS); Tunneled TLS (TTLS), which is a Funk/Certicom standards proposal; and PEAP.
TLS is the most secure of the currently available protocols, although TTLS is advertised to be
as strong as TLS. Both TLS and TTLS are certificate-based and require a Public Key
Infrastructure (PKI) that can issue, renew, and revoke certificates. TTLS is easier to deploy,
as it requires only server certificates, by contrast with TLS, which requires client and server
certificates. With TTLS, the client can use the MD5 mode of user name/password
authentication.
If you plan to use 802.1x authentication, see the documentation for your particular RADIUS
server and 802.1x client on how to set up a PKI configuration.
This section describes the following topics:
Interoperability Requirements
For network login to operate, the user (supplicant) software and the authentication server
must support common authentication methods. Not all combinations provide the appropriate
functionality.
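The requirement that supplicant and authentication server share a method can be checked from the EAP packets themselves. The following is an added example, not part of the NETGEAR manual: it parses EAP packets (header layout and type numbers per RFC 3748 and the IANA EAP registry) and reports which method an exchange settles on. The packet bytes are constructed sample data, and the function names are hypothetical.

```python
import struct

# EAP method numbers from the IANA EAP registry (RFC 3748 and successors).
EAP_TYPES = {1: "Identity", 2: "Notification", 3: "Nak", 4: "MD5-Challenge",
             13: "EAP-TLS", 21: "EAP-TTLS", 25: "PEAP"}
CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}

def parse_eap(pkt: bytes) -> dict:
    """Parse one EAP packet: Code(1) Identifier(1) Length(2) [Type(1) Data]."""
    if len(pkt) < 4:
        raise ValueError("truncated EAP header")
    code, ident, length = struct.unpack("!BBH", pkt[:4])
    if code not in CODES or length < 4 or length > len(pkt):
        raise ValueError("bad EAP code or length")
    out = {"code": CODES[code], "id": ident, "type": None, "offered": []}
    if code in (1, 2):                       # only Request/Response carry a Type
        if length < 5:
            raise ValueError("Request/Response without a Type field")
        out["type"] = pkt[4]
        if code == 2 and pkt[4] == 3:        # Nak data lists acceptable methods
            out["offered"] = list(pkt[5:length])
    return out

def negotiate(exchange) -> str:
    """Return the method both sides settled on, or why negotiation stopped."""
    proposed = None
    for p in map(parse_eap, exchange):
        name = EAP_TYPES.get(p["type"], f"type {p['type']}")
        if p["code"] == "Request" and p["type"] not in (1, 2):
            proposed = name                  # server proposes a method
        elif p["code"] == "Response" and p["type"] == 3:
            if p["offered"] == [0]:          # Nak of 0: no alternative to offer
                return f"no common method (supplicant rejected {proposed})"
        elif p["code"] == "Response" and proposed and name == proposed:
            return name                      # supplicant answered in kind
    return "incomplete"

def eap(code, ident, data=b""):
    """Build a constructed sample packet (test data, not a capture)."""
    return struct.pack("!BBH", code, ident, 4 + len(data)) + data

# Constructed exchange: server offers PEAP, supplicant Naks and asks for EAP-TLS.
SWITCHED = [eap(1, 1, b"\x01"), eap(2, 1, b"\x01host"), eap(1, 2, b"\x19\x20"),
            eap(2, 2, b"\x03\x0d"), eap(1, 3, b"\x0d\x20"), eap(2, 3, b"\x0d\x00")]
# Constructed exchange: supplicant supports nothing the server offered.
MISMATCH = SWITCHED[:3] + [eap(2, 2, b"\x03\x00")]

if __name__ == "__main__":
    print(negotiate(SWITCHED))
    print(negotiate(MISMATCH))
```

A "no common method" result on a real capture points to a supplicant and RADIUS server configured with disjoint method lists, which is the interoperability failure this section describes.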
Supplicant Side
The supported 802.1x clients (supplicants) are Windows 2000 SP4 native client, Windows XP
native clients, and Meetinghouse AEGIS.
A Windows XP 802.1x supplicant can be authenticated as a computer or as a user. Computer
authentication requires a certificate installed in the computer certificate store, and user
authentication requires a certificate installed in the individual user's certificate store.
By default, the Windows XP machine performs computer authentication as soon as the
computer is powered on, or at link-up when no user is logged into the machine. User
authentication is performed at link-up when the user is logged in.
Windows XP also supports guest authentication, but this is disabled by default. See the
relevant Microsoft documentation for further information. The Windows XP machine can be
configured to perform computer authentication at link-up even if a user is logged in.