A SERVICE OF

logo

Open as PDF
next previous
49
Chapter 5: Using the Web-based Utility for Configuration
Security Tab - 802.1x Settings
24-Port 10/100/1000 Gigabit Switch with Webview and PoE
Security Tab - 802.1x Settings
Port based authentication enables authenticating system users on a per-port basis via an external server. Only
authenticated and approved system users can transmit and receive data. Ports are authenticated via the RADIUS
server using the Extensible Authentication Protocol (EAP).
The IEEE 802.1X (dot1X) standard defines a port-based access control procedure that prevents unauthorized
access to a network by requiring users to first submit credentials for authentication. Access to all switch ports in
a network can be centrally controlled from a server, which means that authorized users can use the same
credentials for authentication from any point within the network
The operation of 802.1X on the Switch requires the following:
The Switch must have an IP address assigned.
RADIUS authentication must be enabled on the Switch and the IP address of the RADIUS server specified.
802.1X must be enabled globally for the Switch.
Each Switch port that will be used must be set to dot1X “Auto” mode.
Each client that needs to be authenticated must have dot1X client software installed and properly configured.
The RADIUS server and 802.1X client support EAP. (The Switch only supports EAPOL in order to pass the EAP
packets from the server to the client.)
The RADIUS server and client also have to support the same EAP authentication type – MD5. (Some clients
have native support in Windows, otherwise the dot1x client must support it.)
To enable 802.1X System Authentication Control, select Radius.
When 802.1X is enabled, you need to configure the parameters for the authentication process that runs between
the client and the Switch (that is, authenticator), as well as the client identity lookup process that runs between
the Switch and authentication server. These parameters are described in this section.
Operation Mode. Allows single or multiple hosts (clients) to connect to an 802.1X-authorized port. (Options:
Single-Host, Multi-Host; Default: Single-Host)
Maximum Count. The maximum number of hosts that can connect to a port when the Multi-Host operation mode
is selected. (Range: 1-1024; Default: 5)
Mode. Sets the authentication mode to one of the following options:
Figure 5-29: Security - 802.1x Settings