GarrettCom MNS-6K Manual Do Utilizador
Chapter
6
6 – Access Using RADIUS
Using a RADIUS server to authenticate access….
he IEEE 802.1x standard, Port Based Network Access Control, defines a mechanism for port-
based network access control that makes use of the physical access characteristics of
IEEE 802 LAN infrastructure. It provides a means of authenticating and authorizing
devices attached to LAN ports that have point-to-point connection characteristics. It also
based network access control that makes use of the physical access characteristics of
IEEE 802 LAN infrastructure. It provides a means of authenticating and authorizing
devices attached to LAN ports that have point-to-point connection characteristics. It also
prevents access to that port in cases where
the authentication and authorization fails.
Although 802.1x is mostly used in wireless networks, this protocol is also implemented in
LANs. The Magnum 6K family of switches implements the authenticator, which is a
major component of 802.1x.
LANs. The Magnum 6K family of switches implements the authenticator, which is a
major component of 802.1x.
T
RADIUS
Remote Authentication Dial-In User Service or RADIUS is a server that has been
traditionally used by many Internet Service Providers (ISP) as well as
Enterprises to authenticate dial in users. Today, many businesses use the RADIUS server for
authenticating users connecting into a network. For example, if a user connects a PC into the
network, whether the PC should be allowed access or not provides the same issues as to
whether or not a dial in user should be allowed access into the network or not. A user has to
provide a user name and password for authenticated access. A RADIUS server is well suited
for controlling access into a network by managing the users who can access the network on a
RADIUS server. Interacting with the server and taking corrective action(s) is not possible on
all switches. This capability is provided on the Magnum 6K family of switches.
authenticating users connecting into a network. For example, if a user connects a PC into the
network, whether the PC should be allowed access or not provides the same issues as to
whether or not a dial in user should be allowed access into the network or not. A user has to
provide a user name and password for authenticated access. A RADIUS server is well suited
for controlling access into a network by managing the users who can access the network on a
RADIUS server. Interacting with the server and taking corrective action(s) is not possible on
all switches. This capability is provided on the Magnum 6K family of switches.
j
RADIUS servers and its uses are also described by one or more RFCs.
802.1x
There are three major components of 802.1x: - Supplicant, Authenticator and
Authentication Server (RADIUS Server). In the figure below, the PC acts as the
supplicant. The supplicant is an entity being authenticated and desiring access to the
services. The switch is the authenticator. The authenticator enforces authentication before
Authentication Server (RADIUS Server). In the figure below, the PC acts as the
supplicant. The supplicant is an entity being authenticated and desiring access to the
services. The switch is the authenticator. The authenticator enforces authentication before
77