User Authentication
TLS (Transport Layer Security), PEAP (Protected Extensible Authentication
Protocol), or TTLS (Tunneled Transport Layer Security). The client responds to the
appropriate method with its credentials, such as a password or certificate. The
RADIUS server verifies the client credentials and responds with an accept or reject
packet. If authentication is successful, the switch allows the client to access the
network. Otherwise, non-EAP traffic on the port is blocked or assigned to a guest
VLAN based on the “intrusion-action” setting. In “multi-host” mode, only one host
connected to a port needs to pass authentication for all other hosts to be granted
network access. Similarly, a port can become unauthorized for all hosts if one
attached host fails re-authentication or sends an EAPOL logoff message.
The operation of 802.1X on the switch requires the following:
• The switch must have an IP address assigned.
• RADIUS authentication must be enabled on the switch and the IP address of the
RADIUS server specified.
• 802.1X must be enabled globally for the switch.
• Each switch port that will be used must be set to dot1X “Auto” mode.
• Each client that needs to be authenticated must have dot1X client software
installed and properly configured.
• The RADIUS server and 802.1X client must support EAP. (The switch only supports
EAPOL in order to pass the EAP packets from the server to the client.)
• The RADIUS server and client must also support the same EAP authentication
type – MD5, PEAP, TLS, or TTLS. (Native support for these EAP methods is
provided in Windows XP, and in Windows 2000 with Service Pack 4. To support
these EAP methods in Windows 95 and 98, you can use the AEGIS dot1x
client or other comparable client software.)
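When a client fails to authenticate, a capture from the port shows whether the client and server disagree on the EAP type, and which host sent an EAPOL logoff. The following Python decoder is an added example, not part of the SMC manual; it assumes untagged Ethernet frames, and the function names, MAC addresses and sample frames are constructed for illustration.

```python
import struct

EAPOL_TYPES = {0: "EAP-Packet", 1: "EAPOL-Start", 2: "EAPOL-Logoff", 3: "EAPOL-Key"}
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_METHODS = {1: "Identity", 3: "Nak", 4: "MD5", 13: "TLS", 21: "TTLS", 25: "PEAP"}

def parse_eapol(frame: bytes) -> dict:
    """Decode one untagged Ethernet frame carrying EAPOL (EtherType 0x888E)."""
    if len(frame) < 18:
        raise ValueError("too short for Ethernet + EAPOL headers")
    ethertype, _version, ptype, length = struct.unpack("!HBBH", frame[12:18])
    if ethertype != 0x888E:
        raise ValueError("not EAPOL")
    body = frame[18:18 + length]
    if len(body) != length:
        raise ValueError("EAPOL body shorter than its length field")
    info = {"src": frame[6:12].hex(":"), "eapol": EAPOL_TYPES.get(ptype, str(ptype))}
    if ptype == 0:  # EAP-Packet: code, id, length, then a type byte in Request/Response
        # Zero-padding a short header makes the range check below reject it.
        code, _ident, eap_len = struct.unpack("!BBH", body[:4].ljust(4, b"\0"))
        if not 4 <= eap_len <= length:
            raise ValueError("EAP header truncated or length field inconsistent")
        info["code"] = EAP_CODES.get(code, str(code))
        if code in (1, 2) and eap_len >= 5:
            info["method"] = EAP_METHODS.get(body[4], f"type {body[4]}")
            if body[4] == 3:  # Nak: the client lists the method(s) it would accept
                info["wants"] = [EAP_METHODS.get(t, f"type {t}") for t in body[5:eap_len]]
    return info

def audit(frames) -> dict:
    """Summarise a capture: methods the server offered, methods clients asked for, logoffs."""
    out = {"offered": set(), "nak_wants": set(), "logoffs": []}
    for p in map(parse_eapol, frames):
        if p["eapol"] == "EAPOL-Logoff":
            out["logoffs"].append(p["src"])  # in multi-host mode this closes the port for all
        elif p.get("code") == "Request" and p.get("method", "Identity") != "Identity":
            out["offered"].add(p["method"])
        out["nak_wants"].update(p.get("wants", []))
    return out

def make_frame(src: str, ptype: int, body: bytes = b"") -> bytes:
    # Builds a constructed sample frame addressed to the PAE group MAC.
    return (bytes.fromhex("0180c2000003" + src)
            + struct.pack("!HBBH", 0x888E, 1, ptype, len(body)) + body)

SAMPLE = [  # constructed frames, not a real capture
    make_frame("020000000001", 1),                                      # client: EAPOL-Start
    make_frame("0200000000aa", 0, struct.pack("!BBHBB", 1, 2, 22, 4, 16) + bytes(16)),  # MD5 request
    make_frame("020000000001", 0, struct.pack("!BBHBB", 2, 2, 6, 3, 25)),  # client: Nak, wants PEAP
    make_frame("020000000001", 2),                                      # client: EAPOL-Logoff
]
```

A non-empty "nak_wants" that does not overlap "offered" points to the EAP type mismatch described in the last requirement above.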
Displaying 802.1X Global Settings
The 802.1X protocol provides client authentication.
Command Attributes
• 802.1X System Authentication Control – The global setting for 802.1X.
Web – Click Security, 802.1X, Information.
Figure 3-50 802.1X Global Information