Nortel 4134 Guia Do Utilizador
Authentication
73
TACACS+ encrypts the entire body of the packet but uses a standard
TACACS+ header. TACACS+ separates authentication, authorization, and
accounting services. This means that you can selectively implement one
or more TACACS+ services.
TACACS+ header. TACACS+ separates authentication, authorization, and
accounting services. This means that you can selectively implement one
or more TACACS+ services.
EAP IEEE 802.1X
The Extensible Authentication Protocol over LAN (EAPoL) or IEEE 802.1X
is a port-based network access control protocol that allows you to set up
network access control on internal LANs.
is a port-based network access control protocol that allows you to set up
network access control on internal LANs.
EAPoL provides security in that it prevents users from accessing network
resources before they are authenticated. Without this authentication, users
could access a network to assume a valid identity and access confidential
material or launch denial-of-service attacks.
resources before they are authenticated. Without this authentication, users
could access a network to assume a valid identity and access confidential
material or launch denial-of-service attacks.
EAP allows the exchange of authentication information between any end
station or server connected to the switch and an authentication server,
such as a RADIUS server. The EAPOL-based security feature operates in
conjunction with a RADIUS-based server to extend the benefits of remote
authentication to internal LAN clients.
station or server connected to the switch and an authentication server,
such as a RADIUS server. The EAPOL-based security feature operates in
conjunction with a RADIUS-based server to extend the benefits of remote
authentication to internal LAN clients.
You can use EAPoL to set up network access control on internal LANs and
to exchange authentication information between any end station or server
connected to the Secure Router and an authentication server (such as
a RADIUS server). This security feature extends the benefits of remote
authentication to internal LAN clients. For example, if a new client PC fails
the authentication process, EAPoL prevents it from accessing the network.
to exchange authentication information between any end station or server
connected to the Secure Router and an authentication server (such as
a RADIUS server). This security feature extends the benefits of remote
authentication to internal LAN clients. For example, if a new client PC fails
the authentication process, EAPoL prevents it from accessing the network.
Standards compliance
The SR4134 supports the following standards:
RADIUS
•
RADIUS Basic: RADIUS RFC2058, RFC2138 (obsoleted by 2865) ,
RFC2865 (obsoletes 2138))
RFC2865 (obsoletes 2138))
•
RADIUS Extension: RADIUS Accounting (RFC2139, RFC2866)
The following MIBs are also supported:
•
RADIUS Authentication Client MIB (RFC2618)
•
RADIUS Accounting Client MIB (RFC2620)
TACACS+
•
TACACS+ Protocol Version 1.76
Nortel Secure Router 4134
Security — Configuration and Management
NN47263-600
01.02
Standard
10.0
3 August 2007
Copyright © 2007, Nortel Networks
.