User Manual Managed Switches
Access Control Lists
The user can create specific access lists for any port of the switch. An access list permits or denies
ingress Ethernet (Layer 2) and/or IP (Layer 3) traffic on that port according to the entries it contains.
Access control according IEEE 802.1X
The IEEE 802.1X standard defines a protocol for client/server-based, port-based network access control
and authentication. The protocol prevents unauthorized clients from connecting to the LAN through
publicly accessible switch ports, which would otherwise be open to any device plugged into them. The
authentication server checks each client that requests access to a port. The client is only granted
access to the port after it has been successfully authenticated.
Three components are used to create an authentication mechanism based on the 802.1X standard:
Client/Supplicant, Authentication Server, and Authenticator.
Client/Supplicant: The end station that requests access to the LAN and to switch services and
responds to the requests from the switch.
Authentication server: The server that performs the actual authentication of the supplicant.
Authenticator: Edge switch or wireless access point that acts as a proxy between the supplicant and
the authentication server, requesting identity information from the supplicant, verifying the
information with the authentication server, and relaying the response to the supplicant.
The Weidmüller switch acts as the authenticator in the 802.1X environment. The supplicant and the
authenticator exchange EAPOL (Extensible Authentication Protocol over LAN) frames with each other.
Authentication can be initiated either by the supplicant or by the authenticator. When the supplicant
initiates the authentication process, it sends an EAPOL-Start frame to the authenticator. When the
authenticator initiates the authentication process, or when it receives an EAPOL-Start frame, it sends
an EAP-Request/Identity frame to ask for the username of the supplicant. The following actions are
described below:
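The exchange described above, as an added example that is not part of the Weidmüller manual or the switch firmware: it builds the EAPOL-Start frame a supplicant sends, the EAP-Request/Identity frame the authenticator answers with, and the EAP-Response/Identity that carries the username back, following the IEEE 802.1X EAPOL and RFC 3748 EAP header layouts. The authenticator is modelled as a small class that hands the received identity on (where a real switch would forward it to the authentication server in a RADIUS request). The MAC addresses, the identity string and the EAPOL version 2 are constructed sample values, and the authenticator-initiated case is shown alongside the supplicant-initiated one.

```python
"""EAPOL / EAP frame construction and a minimal 802.1X identity exchange.

Added example, not vendor code. Layouts: IEEE 802.1X EAPOL header (version,
packet type, body length) and RFC 3748 EAP header (code, identifier, length,
type). MAC addresses and identity below are constructed sample values.
"""
import struct

PAE_GROUP_ADDR = bytes.fromhex("0180c2000003")  # 802.1X PAE group MAC address
ETHERTYPE_EAPOL = 0x888E
EAPOL_VERSION = 2                                # 802.1X-2004 value (assumption)

EAPOL_EAP_PACKET, EAPOL_START, EAPOL_LOGOFF = 0, 1, 2
EAP_REQUEST, EAP_RESPONSE, EAP_SUCCESS, EAP_FAILURE = 1, 2, 3, 4
EAP_TYPE_IDENTITY = 1


def eapol_frame(src, dst, packet_type, body=b""):
    """Ethernet header + EAPOL header (version, type, length) + body."""
    eth = dst + src + struct.pack("!H", ETHERTYPE_EAPOL)
    return eth + struct.pack("!BBH", EAPOL_VERSION, packet_type, len(body)) + body


def eap_packet(code, identifier, eap_type=None, data=b""):
    """EAP header (code, id, length) plus optional type byte and type data."""
    payload = b"" if eap_type is None else bytes([eap_type]) + data
    return struct.pack("!BBH", code, identifier, 4 + len(payload)) + payload


def parse_eapol(frame):
    dst, src = frame[0:6], frame[6:12]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != ETHERTYPE_EAPOL:
        raise ValueError("not an EAPOL frame")
    version, ptype, length = struct.unpack("!BBH", frame[14:18])
    body = frame[18:18 + length]
    if len(body) != length:
        raise ValueError("truncated EAPOL body")
    return {"dst": dst, "src": src, "version": version, "type": ptype, "body": body}


def parse_eap(body):
    code, identifier, length = struct.unpack("!BBH", body[:4])
    if length < 4 or length > len(body):
        raise ValueError("bad EAP length")
    eap_type = body[4] if length > 4 else None
    return {"code": code, "id": identifier, "type": eap_type, "data": body[5:length]}


def supplicant_start(supplicant_mac):
    """EAPOL-Start: empty body, sent to the PAE group address."""
    return eapol_frame(supplicant_mac, PAE_GROUP_ADDR, EAPOL_START)


class Authenticator:
    """Port-level authenticator: answers EAPOL-Start with EAP-Request/Identity
    and accepts only the EAP-Response/Identity whose identifier matches."""

    def __init__(self, port_mac):
        self.port_mac = port_mac
        self.next_id = 0
        self.pending_id = None

    def request_identity(self, supplicant_mac):
        self.next_id = (self.next_id + 1) & 0xFF
        self.pending_id = self.next_id
        eap = eap_packet(EAP_REQUEST, self.pending_id, EAP_TYPE_IDENTITY)
        return eapol_frame(self.port_mac, supplicant_mac, EAPOL_EAP_PACKET, eap)

    def on_frame(self, frame):
        f = parse_eapol(frame)
        if f["type"] == EAPOL_START:
            return self.request_identity(f["src"])
        if f["type"] == EAPOL_EAP_PACKET:
            eap = parse_eap(f["body"])
            if (eap["code"] == EAP_RESPONSE and eap["type"] == EAP_TYPE_IDENTITY
                    and eap["id"] == self.pending_id):
                # A real switch forwards this identity to the RADIUS server;
                # here it is simply returned to the caller.
                return eap["data"].decode("utf-8", "replace")
        return None  # EAPOL-Logoff, stale ids and unknown types are ignored


def supplicant_identity_response(supplicant_mac, auth_mac, request_frame, identity):
    req = parse_eap(parse_eapol(request_frame)["body"])
    if req["code"] != EAP_REQUEST or req["type"] != EAP_TYPE_IDENTITY:
        raise ValueError("expected EAP-Request/Identity")
    eap = eap_packet(EAP_RESPONSE, req["id"], EAP_TYPE_IDENTITY, identity.encode())
    return eapol_frame(supplicant_mac, auth_mac, EAPOL_EAP_PACKET, eap)


def run_exchange(identity="alice", initiated_by_supplicant=True):
    """Run the identity phase; returns (identity seen by authenticator, start, request)."""
    supp_mac, auth_mac = bytes.fromhex("02aabbccdd01"), bytes.fromhex("02aabbccdd02")
    auth = Authenticator(auth_mac)
    if initiated_by_supplicant:
        start = supplicant_start(supp_mac)
        request = auth.on_frame(start)           # EAPOL-Start -> EAP-Request/Identity
    else:
        start, request = None, auth.request_identity(supp_mac)
    response = supplicant_identity_response(supp_mac, auth_mac, request, identity)
    return auth.on_frame(response), start, request
```

Note that the username in EAP-Response/Identity is sent in cleartext on the wire; an attacker on the same segment can read it, which is why tunnelled EAP methods (e.g. PEAP or EAP-TTLS) let the supplicant use an anonymous outer identity and send the real one inside the TLS tunnel.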