46
NAS
This page allows you to configure the IEEE 802.1X and MAC-based authentication system and port settings. The IEEE
802.1X standard defines a port-based access control procedure that prevents unauthorized access to a network by
requiring users to first submit credentials for authentication. One or more central servers, the backend servers,
determine whether the user is allowed access to the network. These backend (RADIUS) servers are configured on the
"Configuration→Security→AAA" page.
MAC-based authentication allows for authentication of more than one user on the same port, and doesn't require
the user to have special 802.1X supplicant software installed on his system. The switch uses the user's MAC address
to authenticate against the backend server. Intruders can create counterfeit MAC addresses, which makes
MAC-based authentication less secure than 802.1X authentications. The NAS configuration consists of two sections, a
system- and a port-wide.
System Configuration
Mode
Indicates if NAS is globally enabled or disabled on the switch. If globally disabled, all ports are allowed
forwarding of frames.
Reauthentication Enabled
If checked, successfully authenticated supplicants/clients are reauthenticated after the interval specified by
the Reauthentication Period. Reauthentication for 802.1X-enabled ports can be used to detect if a new
device is plugged into a switch port or if a supplicant is no longer attached.
For MAC-based ports, reauthentication is only useful if the RADIUS server configuration has changed. It does
not involve communication between the switch and the client, and therefore doesn't imply that a client is
still present on a port (see Aging Period below).
Reauthentication Period
Determines the period, in seconds, after which a connected client must be reauthenticated. This is only
active if the Reauthentication Enabled checkbox is checked. Valid values are in the range 1 to 3600 seconds.
