Chapter 21: Security
268
Port Access Control
This section contains information and configuration procedures for the
Port-based Access Control. The following information is provided:
“Overview” on page 268
“Port Access Control Configuration” on page 269
Note
After configuring the Port-based Network Access Control, you can
choose to use either the local authentication server in the AT-S112
for 802.1x authentication or a remote RADIUS server for 802.1x
authentication. See “Dial-in User— Local Authentication” on
page 276 or “RADIUS Client” on page 273.
Overview
Port-based Network Access Control (IEEE 802.1x) is used to control who
can send traffic through and receive traffic from a switch port. With this
feature, the switch does not allow an end node to send or receive traffic
through a port until the user of the node logs on by entering a user name
and password.
This feature can prevent an unauthorized individual from connecting a
computer to a port or using an unattended workstation to access your
network resources. Only those users to whom you have assigned a user
name and password are able to use the switch to access the network.
This feature can be used with one of two authentication methods:
The RADIUS authentication protocol requires that a
remote RADIUS server is present on your network.
The RADIUS server performs the authentication of the
user name and password combinations. See “Port
Access Control Configuration” on page 269 and
“RADIUS Client” on page 273 for more information.
The Dial-in User (local) authentication method allows
you to set up the authentication parameters internally
in the switch without an external server. In this case,
the user name and password combinations are
entered in the associated with an optional VLAN when
they are defined. Based on these entries, the
authentication process is done locally by the AT-S112
using a standard EAPOL transaction.
Note
RADIUS with Extensible Authentication Protocol (EAP) extensions
is the only supported authentication server for this feature.
Содержание AT-GS950/16PS
Страница 12: ...Figures 12...
Страница 14: ...List of Tables 14...
Страница 18: ...Preface 18...
Страница 20: ...20...
Страница 52: ...Chapter 2 System Configuration 52...
Страница 54: ...54...
Страница 92: ...Chapter 5 Multiple Spanning Tree Protocol 92...
Страница 102: ...Chapter 6 Static Port Trunking 102...
Страница 118: ...Chapter 8 Port Mirroring 118...
Страница 140: ...Chapter 11 IGMP Snooping 140...
Страница 174: ...Chapter 14 GVRP 174...
Страница 186: ...Chapter 15 Quality of Service and Cost of Service 186...
Страница 188: ...188...
Страница 216: ...Chapter 17 SNMPv3 216...
Страница 244: ...Chapter 18 Access Control Configuration 244...
Страница 282: ...Chapter 21 Security 282...
Страница 288: ...Chapter 22 Power Over Ethernet PoE 288...
Страница 289: ...289 Chapter 23...
Страница 310: ...Chapter 24 LLDP 310...
Страница 322: ...322...
Страница 334: ...Chapter 26 Software Configuration Updates 334...
Страница 346: ...Chapter 28 Rebooting the AT GS950 16PS 346...
Страница 368: ...Appendix A MSTP Overview 368...
Страница 386: ...Appendix B AT GS950 16PS Default Parameters 386...