Chapter
Advanced Configuration
20
24-Port 10/100 + 2-Port 10/100/1000 Gigabit Advanced Smart Switch with 2 Combo SFPs
Security > 802.1X Settings
Security > 802.1X Settings
Network switches can provide open and easy access
to network resources by simply attaching a client PC.
Although this automatic configuration and access is a
desirable feature, it also allows unauthorized personnel
to easily intrude and possibly gain access to sensitive
network data.
The IEEE 802.1X (dot1X) standard defines a port-based
access control procedure that prevents unauthorized
access to a network by requiring users to first submit
credentials for authentication. Access to all switch ports in
a network can be centrally controlled from a server, which
means that authorized users can use the same credentials
for authentication from any point within the network.
This Switch uses the Extensible Authentication Protocol
over LANs (EAPOL) to exchange authentication protocol
messages with the client, and a remote RADIUS
authentication server to verify user identity and access
rights. When a client connects to a switch port, the Switch
responds with an EAPOL identity request. The client
provides its identity (such as a user name) in an EAPOL
response to the Switch, which it forwards to the RADIUS
server. The RADIUS server verifies the client identity and
sends an access challenge back to the client. The EAP packet
from the RADIUS server contains not only the challenge,
but the authentication method to be used. The client can
reject the authentication method and request another,
depending on the configuration of the client software
and the RADIUS server. The authentication method must
be MD5. The client responds to the appropriate method
with its credentials, such as a password or certificate.
The RADIUS server verifies the client credentials and
responds with an accept or reject packet. If authentication
is successful, the Switch allows the client to access the
network. Otherwise, network access is denied and the
port remains blocked.
The operation of 802.1X on the Switch requires the
following:
The Switch must have an IP address assigned.
RADIUS authentication must be enabled on the Switch
and the IP address of the RADIUS server specified.
802.1X must be enabled globally for the Switch.
Each Switch port that will be used must be set to dot1X
“Auto” mode.
Each client that needs to be authenticated must
have dot1X client software installed and properly
configured.
The RADIUS server and 802.1X client support EAP. (The
Switch only supports EAPOL in order to pass the EAP
packets from the server to the client.)
The RADIUS server and client also have to support the
same EAP authentication type – MD5. (Some clients
have native support in Windows, otherwise the dot1x
client must support it.)
Enable 802.1X
Enables or disables 802.1X mode.
NOTE:
This option must be enabled to configure
802.1X settings.
802.1X Settings
Port
Displays the port number.
Set Status
Enables or disables port authentication. By
default, port authentication is enabled which means
all the forwarding traffic needs to be authorized by the
RADIUS server.
Show Client MAC
Displays the MAC address of the last
client who sends out EAPOL control frame.
Authorization
Displays the authentication status of an
enabled port.
Click
Save Settings
to apply the changes.
•
•
•
•
•
•
•
