RUGGEDCOM ROS
User Guide
Chapter 5
Setup and Configuration
Port Security Concepts
233
•
Section 5.9.4, “Configuring IEEE 802.1X”
Section 5.9.1
Port Security Concepts
The following section describes some of the concepts important to the implementation of port security in
RUGGEDCOM ROS.
CONTENTS
•
Section 5.9.1.1, “Static MAC Address-Based Authentication”
•
Section 5.9.1.2, “IEEE 802.1x Authentication”
•
Section 5.9.1.3, “IEEE 802.1X Authentication with MAC Address-Based Authentication”
•
Section 5.9.1.4, “Assigning VLANS with Tunnel Attributes”
Section 5.9.1.1
Static MAC Address-Based Authentication
With this method, the switch validates the source MAC addresses of received frames against the contents in the
Static MAC Address Table.
RUGGEDCOM ROS also supports a highly flexible Port Security configuration which provides a convenient means
for network administrators to use the feature in various network scenarios.
A Static MAC address can be configured without a port number being explicitly specified. In this case, the
configured MAC address will be automatically authorized on the port where it is detected. This allows devices to
be connected to any secure port on the switch without requiring any reconfiguration.
The switch can also be programmed to learn (and, thus, authorize) a pre-configured number of the first source
MAC addresses encountered on a secure port. This enables the capture of the appropriate secure addresses when
first configuring MAC address-based authorization on a port. Those MAC addresses are automatically inserted into
the Static MAC Address Table and remain there until explicitly removed by the user.
Section 5.9.1.2
IEEE 802.1x Authentication
The IEEE 802.1x standard defines a mechanism for port-based network access control and provides a means of
authenticating and authorizing devices attached to LAN ports.
Although IEEE 802.1x is mostly used in wireless networks, this method is also implemented in wired switches.
The IEEE 802.1x standard defines three major components of the authentication method: Supplicant,
Authenticator and Authentication server. RUGGEDCOM ROS supports the Authenticator component.