Overview of Security Methods
3-20
Accessing Local Management
3.6.2.2
802.1X Security Overview
The Enterasys Networks’ 6000 Series and Matrix E7 modules support the following 802.1X
security and authentication features to:
•
Authenticate hosts that are connected to dedicated switch ports.
•
Authenticate based on single-user hosts. (If a host is a time-shared Unix or VMS system,
successful authentication by any user will allow all users access to the network.)
•
Allow users to authenticate themselves by logging in with user names and passwords, token
cards, or other high-level identification. Thus, a system manager does not need to spend hours
setting low-level MAC address filters on every edge switch to simulate user-level access
controls.
•
Divide system functionality between supplicants (user machines), authenticators, and
authentication servers. Authenticators reside in edge switches. They shuffle messages and tell
the switch when to grant or deny access, but do not validate logins. User validation is the job of
authentication servers. This separation of functions allows network managers to put
authentication servers on central servers.
•
Use the 802.1X protocol to communicate between the authenticator and the supplicant. The
frame format using 802.1X includes extra data fields within a LAN frame. Note that 802.1X
does not allow routing.
•
Use 802.1X to communicate between the authenticator and the authentication server. The
specific protocol that runs between these components (e.g., RADIUS-encapsulated EAP) is not
specified and is implementation-dependent.
Authentication Server
Provides authentication service to an authenticator. This
service determines, by the credentials the supplicant
provides, whether a supplicant is authorized to access
services provided by the authenticator. The authentication
server can be co-located with an authenticator or can be
accessed remotely.
Supplicant
The entity (user machine) that is trying to be authenticated
by an authenticator attached to the other end of that link.
Table 3-4
Authentication Terms and Abbreviations (Continued)
Term
Definition
Содержание 6E2 Series
Страница 2: ......
Страница 20: ......
Страница 26: ......
Страница 36: ......
Страница 42: ......
Страница 228: ...PVST Port Configuration Screen 7 16 802 1 Configuration Menu Screens...
Страница 312: ......
Страница 336: ......
Страница 378: ...Special Commands 12 42 Network Tools Screens...
Страница 422: ......
Страница 436: ......