Functions
Access Control and Device Authentication with IEEE 802.1X
User authentication on EDS500 devices (Chapter 2.3.2, "Login Mode Radius") can use
RADIUS to verify the validity of a login via Telnet, SSH, serial connection or the web interface.
In addition, RADIUS can be used to carry out port authentication according to
IEEE 802.1X (Chapter 2.24, "Access Control and Device Authentication with IEEE 802.1X"). This
does not safeguard the login on an EDS500 device but the whole network access via a specific
port.
Commands to configure the RADIUS protocol
<set system radius server {IP address} [{server port}]
<clear system radius server {IP address}>
2.24 Access Control and Device Authentication with IEEE 802.1X
The IEEE 802.1X standard makes it possible to apply access protection to physical
ports in the LAN. A device ("Supplicant") connected to an EDS500 managed switch
("Authenticator") is granted network access only after a successful authentication. The
Authenticator (in this case the EDS500 device) does not perform the actual authentication,
but instead uses a RADIUS server for this purpose, which must be configured (Chapter 2.23,
"RADIUS").
[Figure 26: Access control with IEEE 802.1X. Labels: Supplicant, Ethernet, Authenticator, IP-Network, Authentication Server (Radius)]
Default configuration:
By default, 802.1X is activated and every port is unlocked (<set dot1x port control {…} auth-force>).
Configuring access negotiation
To activate the automatic access control, it is sufficient to configure the setting
<set dot1x port control {…} pae-auto>.
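The default described above leaves every port unlocked until it is switched to pae-auto, and pae-auto depends on a configured RADIUS server. The following added example (not part of the manual) audits a list of configuration commands for both conditions; the port names, the server address and the one-command-per-line input format are assumptions constructed for illustration.

```python
import re

# Constructed sample input: one command per line, in the form shown on this page.
# Port names (port1..port3) and the server address are placeholders, not EDS500 values.
SAMPLE_CONFIG = """\
<set system radius server 192.0.2.10 1812>
<set dot1x port control port1 pae-auto>
<set dot1x port control port2 auth-force>
"""

# "port\s*control" accepts the keyword written with or without a space.
PORT_RE = re.compile(r"^set\s+dot1x\s+port\s*control\s+(\S+)\s+(auth-force|pae-auto)$")
SET_RADIUS_RE = re.compile(r"^set\s+system\s+radius\s+server\s+(\S+)(?:\s+\d+)?$")
CLEAR_RADIUS_RE = re.compile(r"^clear\s+system\s+radius\s+server\s+(\S+)$")


def audit_dot1x(config_text, all_ports):
    """Return (port, finding) pairs for ports that do not enforce 802.1X."""
    # Default per this page: every port is unlocked (auth-force).
    modes = {port: "auth-force" for port in all_ports}
    servers = set()
    for raw in config_text.splitlines():
        line = raw.strip().strip("<>").strip()
        if m := PORT_RE.match(line):
            modes[m.group(1)] = m.group(2)
        elif m := SET_RADIUS_RE.match(line):
            servers.add(m.group(1))
        elif m := CLEAR_RADIUS_RE.match(line):
            servers.discard(m.group(1))
    findings = []
    for port in sorted(modes):
        if modes[port] == "auth-force":
            findings.append((port, "unlocked (auth-force): 802.1X not enforced"))
        elif not servers:
            findings.append((port, "pae-auto set but no RADIUS server configured"))
    return findings


if __name__ == "__main__":
    for port, finding in audit_dot1x(SAMPLE_CONFIG, ["port1", "port2", "port3"]):
        print(f"{port}: {finding}")
```

Pass the full list of physical ports as `all_ports` so that ports never mentioned in the configuration are reported at their default setting.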
1KGT151021 V000 1