Chapter 3: Web Management
NGSME24G4S User Manual
3.1.4.10. Security - Network - NAS (Network Access Server)
This page allows you to configure the IEEE 802.1X and MAC-based authentication system
and port settings.
The IEEE 802.1X standard defines a port-based access control procedure that prevents
unauthorized access to a network by requiring users to first submit credentials for
authentication. One or more central servers, the backend servers, determine whether the
user is allowed access to the network. These backend (RADIUS) servers are configured on
the "Configuration → Security → AAA" page. The IEEE 802.1X standard defines port-based
operation, but non-standard variants overcome security limitations, as explored
below.
MAC-based authentication allows more than one user to be authenticated on the same port,
and doesn't require the user to have special 802.1X supplicant software installed on their
system. The switch uses the user's MAC address to authenticate against the backend server.
Intruders can create counterfeit MAC addresses, which makes MAC-based authentication
less secure than 802.1X authentication.
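As an added example (not from the manual or the switch firmware), the following Python check reviews MAC-based authentication events for signs of a counterfeit MAC address: the same MAC accepted on two different ports within a short window, or a MAC with the locally administered bit set. The event tuple layout, the 10-minute window and the sample records are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample records: (timestamp, switch port, MAC, auth method).
# The layout is an assumption, not the switch's or any RADIUS server's log format.
SAMPLE_EVENTS = [
    ("2024-05-01T09:00:00", 3, "00-1B-44-11-3A-B7", "mac"),
    ("2024-05-01T09:02:10", 7, "00-1b-44-11-3a-b7", "mac"),    # same MAC, other port
    ("2024-05-01T09:05:00", 5, "02-00-5E-10-00-01", "mac"),    # locally administered
    ("2024-05-01T11:30:00", 9, "00-1B-44-22-00-10", "mac"),
    ("2024-05-01T11:31:00", 9, "00-1B-44-22-00-10", "mac"),    # re-auth on same port
    ("2024-05-01T12:00:00", 4, "00-1B-44-11-3A-B7", "dot1x"),  # not MAC-based, skipped
]

def normalize_mac(mac):
    """Strip separators and case so 00-1B-.. and 00:1b:.. compare equal."""
    digits = "".join(c for c in mac if c.isalnum()).lower()
    if len(digits) != 12 or any(c not in "0123456789abcdef" for c in digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits

def is_locally_administered(mac):
    # Bit 0x02 of the first octet marks an address not assigned by a vendor.
    # Devices using MAC randomization also set it, so treat this as a lead.
    return bool(int(normalize_mac(mac)[:2], 16) & 0x02)

def find_suspect_macs(events, window=timedelta(minutes=10)):
    """Return (mac, port, reason) for MAC-based logins that deserve review."""
    findings = []
    last_seen = {}  # mac -> (time, port) of the previous MAC-based login
    for ts, port, mac, method in sorted(events):  # ISO timestamps sort by time
        if method != "mac":
            continue
        mac = normalize_mac(mac)
        when = datetime.fromisoformat(ts)
        if is_locally_administered(mac):
            findings.append((mac, port, "locally-administered"))
        prev = last_seen.get(mac)
        if prev and prev[1] != port and when - prev[0] <= window:
            findings.append((mac, port, "moved-port"))
        last_seen[mac] = (when, port)
    return findings

if __name__ == "__main__":
    for finding in find_suspect_macs(SAMPLE_EVENTS):
        print(finding)
```

A finding is a prompt to check the port, not proof of spoofing: a docking station moved between desks produces the same pattern.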
The NAS configuration consists of two sections: a system-wide section and a port-wide section.
System Configuration
Mode
Indicates whether NAS is globally enabled or disabled on the stack. If globally disabled, all ports are
allowed to forward frames.
Re-authentication Enabled
If checked, successfully authenticated supplicants/clients are re-authenticated after the
interval specified by the Re-authentication Period. Re-authentication for 802.1X-enabled
ports can be used to detect if a new device is plugged into a switch port or if a supplicant is no
longer attached.