Chapter 21: Security
268
Port Access Control
This section contains information and configuration procedures for the
Port-based Access Control. The following information is provided:
“Overview” on page 268
“Port Access Control Configuration” on page 269
Note
After configuring the Port-based Network Access Control, you can
choose to use either the local authentication server in the AT-S112
for 802.1x authentication or a remote RADIUS server for 802.1x
authentication. See “Dial-in User— Local Authentication” on
page 276 or “RADIUS Client” on page 273.
Overview
Port-based Network Access Control (IEEE 802.1x) is used to control who
can send traffic through and receive traffic from a switch port. With this
feature, the switch does not allow an end node to send or receive traffic
through a port until the user of the node logs on by entering a user name
and password.
This feature can prevent an unauthorized individual from connecting a
computer to a port or using an unattended workstation to access your
network resources. Only those users to whom you have assigned a user
name and password are able to use the switch to access the network.
This feature can be used with one of two authentication methods:
The RADIUS authentication protocol requires that a
remote RADIUS server is present on your network.
The RADIUS server performs the authentication of the
user name and password combinations. See “Port
Access Control Configuration” on page 269 and
“RADIUS Client” on page 273 for more information.
The Dial-in User (local) authentication method allows
you to set up the authentication parameters internally
in the switch without an external server. In this case,
the user name and password combinations are
entered in the associated with an optional VLAN when
they are defined. Based on these entries, the
authentication process is done locally by the AT-S112
using a standard EAPOL transaction.
Note
RADIUS with Extensible Authentication Protocol (EAP) extensions
is the only supported authentication server for this feature.
Summary of Contents for AT-GS950/16PS
Page 12: ...Figures 12...
Page 14: ...List of Tables 14...
Page 18: ...Preface 18...
Page 20: ...20...
Page 52: ...Chapter 2 System Configuration 52...
Page 54: ...54...
Page 92: ...Chapter 5 Multiple Spanning Tree Protocol 92...
Page 102: ...Chapter 6 Static Port Trunking 102...
Page 118: ...Chapter 8 Port Mirroring 118...
Page 140: ...Chapter 11 IGMP Snooping 140...
Page 174: ...Chapter 14 GVRP 174...
Page 186: ...Chapter 15 Quality of Service and Cost of Service 186...
Page 188: ...188...
Page 216: ...Chapter 17 SNMPv3 216...
Page 244: ...Chapter 18 Access Control Configuration 244...
Page 282: ...Chapter 21 Security 282...
Page 288: ...Chapter 22 Power Over Ethernet PoE 288...
Page 289: ...289 Chapter 23...
Page 310: ...Chapter 24 LLDP 310...
Page 322: ...322...
Page 334: ...Chapter 26 Software Configuration Updates 334...
Page 346: ...Chapter 28 Rebooting the AT GS950 16PS 346...
Page 368: ...Appendix A MSTP Overview 368...
Page 386: ...Appendix B AT GS950 16PS Default Parameters 386...