Chapter 4: Web configuration
NS3562-8P-2S User Manual
frames are needed for a particular method. The switch simply encapsulates the EAP
part of the frame into the relevant type (EAPOL or RADIUS) and forwards it.
When authentication is complete, the RADIUS server sends a special packet containing
a success or failure indication. In addition to forwarding this decision to the supplicant,
the switch uses it to open up or block traffic on the switch port connected to the
supplicant.
Overview of User Authentication
The industrial managed switch can be configured to authenticate users logging into the
system for management access, for example through telnet or a web browser, using local
or remote authentication methods. This industrial managed switch provides secure network
management access using the following options:
• Remote Authentication Dial-in User Service (RADIUS)
• Terminal Access Controller Access Control System Plus (TACACS+)
• Local user name and Privilege Level control
IEEE 802.1X port-based authentication
The IEEE 802.1X standard defines a client-server-based access control and
authentication protocol that restricts unauthorized clients from connecting to a LAN
through publicly accessible ports. The authentication server authenticates each client
connected to a switch port before making available any services offered by the switch
or the LAN.
Until the client is authenticated, 802.1X access control allows only EAPOL traffic
through the port to which the client is connected. After authentication is successful,
normal traffic can pass through the port.
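The relay and port-gating behaviour described above, as an added example that is not taken from the switch firmware or this manual: a simplified model of the authenticator that lifts the EAP packet out of an EAPOL frame, re-encapsulates it as RADIUS EAP-Message attributes, and opens or blocks the port on the server's decision. The constants come from IEEE 802.1X and RFC 2865/3579; the class and function names and the sample frame are constructed for illustration, and Access-Challenge handling is left out.

```python
import struct

ETH_P_EAPOL = 0x888E                 # EtherType for EAP over LAN (IEEE 802.1X)
EAPOL_EAP_PACKET = 0                 # EAPOL packet type that carries an EAP packet
RADIUS_EAP_MESSAGE = 79              # RADIUS EAP-Message attribute (RFC 3579)
ACCESS_ACCEPT, ACCESS_REJECT = 2, 3  # RADIUS packet codes (RFC 2865)

# Constructed sample: EAP Response/Identity "alice" sent to the PAE group address.
SAMPLE_EAP = b"\x02\x01\x00\x0a\x01alice"
SAMPLE_FRAME = (bytes.fromhex("0180c2000003" "020000000001" "888e")
                + struct.pack("!BBH", 1, EAPOL_EAP_PACKET, len(SAMPLE_EAP))
                + SAMPLE_EAP)

def eap_from_eapol(frame: bytes) -> bytes:
    """Return the EAP packet carried in an Ethernet frame, or raise ValueError."""
    if len(frame) < 18:
        raise ValueError("frame too short for Ethernet + EAPOL headers")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != ETH_P_EAPOL:
        raise ValueError("not an EAPOL frame")
    _version, ptype, body_len = struct.unpack("!BBH", frame[14:18])
    if ptype != EAPOL_EAP_PACKET:
        raise ValueError("EAPOL frame does not carry an EAP packet")
    body = frame[18:18 + body_len]
    if len(body) != body_len:
        raise ValueError("truncated EAPOL body")
    return body

def eap_to_radius_attrs(eap: bytes) -> bytes:
    """Re-encapsulate EAP as EAP-Message attributes (at most 253 value bytes each)."""
    out = b""
    for i in range(0, len(eap), 253):
        chunk = eap[i:i + 253]
        out += bytes([RADIUS_EAP_MESSAGE, len(chunk) + 2]) + chunk
    return out

class Port:
    """Hypothetical model of one 802.1X-controlled switch port."""
    def __init__(self) -> None:
        self.authorized = False      # ports start in the unauthorized state

    def admits(self, frame: bytes) -> bool:
        if len(frame) < 14:
            return False
        (ethertype,) = struct.unpack("!H", frame[12:14])
        return self.authorized or ethertype == ETH_P_EAPOL

    def on_radius_reply(self, code: int) -> None:
        self.authorized = (code == ACCESS_ACCEPT)  # anything else blocks the port
```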
This section includes this conceptual information:
• Device Roles
• Authentication Initiation and Message Exchange
• Ports in Authorized and Unauthorized States
Device roles
With 802.1X port-based authentication, the devices in the network have specific roles
as shown below.