AT-9000 Switch Command Line User’s Guide
Section VIII: Port Security
737
Guidelines
Here are the general guidelines to this feature:
Ports operating under port-based access control do not support
dynamic MAC address learning.
A port that is connected to a RADIUS authentication server must not
be set to the authenticator role because an authentication server
cannot authenticate itself.
The authentication method of an authenticator port can be either
802.1x username and password combination or MAC address-based,
but not both.
A supplicant connected to an authenticator port set to the 802.1x
username and password authentication method must have 802.1x
client software.
A supplicant does not need 802.1x client software if the authentication
method of an authenticator port is MAC address-based.
Authenticator ports set to the multiple supplicant mode can support up
to a maximum of 320 authenticated supplicants at one time.
The maximum number of supplicants supported on authenticator ports
set to the multiple supplicant mode is 320. An authenticator port stops
accepting new clients after the maximum number is reached.
The maximum number of authenticated clients on the entire switch is
0. New supplicants are rejected once the maximum number is
reached. New clients are accepted as supplicants log out or are timed
out.
An 802.1x username and password combination is not tied to the MAC
address of an end node. This allows end users to use the same
username and password when working at different workstations.
After a client has successfully logged on, the MAC address of the end
node is added to the switch’s MAC address table as an authenticated
address. It remains in the table until the client logs off the network or
fails to reauthenticate, at which point the address is removed. The
address is not timed out, even if the node becomes inactive.
Note
End users of 802.1x port-based network access control should be
instructed to always log off when they are finished with a work
session. This can prevent unauthorized individuals from accessing
the network through unattended network workstations.
Authenticator and supplicant ports must be untagged ports. They
cannot be tagged ports.
Содержание AT-9000/28
Страница 4: ......
Страница 26: ...Contents 26...
Страница 30: ...Tables 30...
Страница 36: ...36 Section I Getting Started...
Страница 70: ...Chapter 2 Starting a Management Session 70 Section I Getting Started...
Страница 96: ...96 Section II Basic Operations...
Страница 142: ...Chapter 6 Basic Switch Management Commands 142 Section II Basic Operations...
Страница 220: ...Chapter 9 IPv4 and IPv6 Management Addresses 220 Section II Basic Operations...
Страница 244: ...Chapter 10 IPv4 and IPv6 Management Address Commands 244 Section II Basic Operations...
Страница 264: ...Chapter 12 SNTP Client Commands 264 Section II Basic Operations...
Страница 298: ...Chapter 15 Enhanced Stacking 298 Section II Basic Operations...
Страница 312: ...Chapter 16 Enhanced Stacking Commands 312 Section II Basic Operations...
Страница 318: ...Chapter 17 Port Mirror 318 Section II Basic Operations...
Страница 324: ...Chapter 18 Port Mirror Commands 324 Section II Basic Operations Example awplus show mirror...
Страница 350: ...Chapter 21 Multicast Commands 350 Section II Basic Operations...
Страница 352: ...352 Section III File System...
Страница 360: ...Chapter 22 File System 360 Section III File System...
Страница 383: ...AT 9000 Switch Command Line User s Guide Section III File System 383 Example awplus show boot...
Страница 386: ...Chapter 25 Boot Configuration File Commands 386 Section III File System...
Страница 398: ...Chapter 26 File Transfers 398 Section III File System...
Страница 406: ...Chapter 27 File Transfer Commands 406 Section III File System...
Страница 408: ...408 Section IV Event Messages...
Страница 430: ...Chapter 30 Syslog Client 430 Section IV Event Messages...
Страница 438: ...438 Section V Port Trunks...
Страница 448: ...Chapter 32 Static Port Trunks 448 Section V Port Trunks...
Страница 480: ...480 Section VI Spanning Tree Protocols...
Страница 500: ...Chapter 36 Spanning Tree and Rapid Spanning Tree Protocols 500 Section VI Spanning Tree Protocols...
Страница 520: ...Chapter 38 STP Commands 520 Section VI Spanning Tree Protocols...
Страница 542: ...Chapter 40 RSTP Commands 542 Section VI Spanning Tree Protocols Example awplus show spanning tree...
Страница 558: ...558 Section VII Virtual LANs...
Страница 600: ...Chapter 42 Port based and Tagged VLAN Commands 600 Section VII Virtual LANs...
Страница 634: ...Chapter 44 GARP VLAN Registration Protocol Commands 634 Section VII Virtual LANs...
Страница 670: ...Chapter 47 Private Port VLANs 670 Section VII Virtual LANs...
Страница 692: ...Chapter 50 VLAN Stacking 692 Section VII Virtual LANs...
Страница 698: ...Chapter 51 VLAN Stacking Commands 698 Section VII Virtual LANs...
Страница 700: ...700 Section VIII Port Security...
Страница 748: ...Chapter 54 802 1x Port based Network Access Control 748 Section VIII Port Security...
Страница 790: ...Chapter 55 802 1x Port based Network Access Control Commands 790 Section VIII Port Security...
Страница 792: ...792 Section IX Simple Network Management Protocols...
Страница 804: ...Chapter 56 SNMPv1 and SNMPv2c 804 Section X Simple Network Management Protocols...
Страница 852: ...852 Section X Network Management...
Страница 976: ...Chapter 63 Address Resolution Protocol ARP 976 Section X Network Management...
Страница 1090: ...1090 Section XI Management Security...
Страница 1114: ...Chapter 71 Telnet Server 1114 Section XI Management Security...
Страница 1122: ...Chapter 73 Telnet Client 1122 Section XI Management Security...
Страница 1126: ...Chapter 74 Telnet Client Commands 1126 Section XI Management Security...
Страница 1138: ...Chapter 75 Secure Shell SSH Server 1138 Section XI Management Security...
Страница 1158: ...Chapter 78 Non secure HTTP Web Browser Server Commands 1158 Section XI Management Security...
Страница 1186: ...Chapter 80 Secure HTTPS Web Browser Server Commands 1186 Section XI Management Security...
Страница 1202: ...Chapter 81 RADIUS and TACACS Clients 1202 Section XI Management Security...
Страница 1230: ...Chapter 82 RADIUS and TACACS Client Commands 1230 Section XI Management Security...
Страница 1244: ...Chapter System Monitoring Commands 1244...
Страница 1278: ...Index 1278 Configuration mode 644 659 VLAN SET MACADDRESS command Port Interface mode 644 661 W WRITE command 75 94 385...