Chapter 54: 802.1x Port-based Network Access Control
718 Section VIII: Port Security
Overview
This chapter explains 802.1x port-based network access control. This port
security feature lets you control who can send traffic through and receive
traffic from the individual switch ports. The switch does not allow an end
node to send or receive traffic through a port until the user of the node has
by authenticated by a RADIUS server.
This feature is used to prevent unauthorized individuals from connecting a
computer to a switch port or using an unattended workstation to access
your network resources. Only those users designated as valid network
users on a RADIUS server are permitted to use the switch to access the
network.
This port security method uses the RADIUS authentication protocol. The
management software of the switch includes RADIUS client software. If
you have already read Chapter 82, “RADIUS and TACACS+ Clients” on
page 1189, then you know that you can also use the RADIUS client
software on the switch, along with a RADIUS server on your network, to
create new remote manager accounts.
Note
RADIUS with Extensible Authentication Protocol (EAP) extensions
is the only supported authentication protocol for 802.1x port-based
network access control. This feature is not supported with the
TACACS+ authentication protocol.
Here are several terms to keep in mind when using this feature.
Supplicant - A supplicant is an end user or end node that wants to
access the network through a switch port. A supplicant is also referred
to as a client.
Authenticator - The authenticator is a port that prohibits network
access until a supplicant has logged on and been validated by the
RADIUS server.
Authentication server - The authentication server is the network device
that has the RADIUS server software. This is the device that does the
actual authenticating of the supplicants.
The switch does not authenticate any supplicants connected to its ports.
It’s function is to act as an intermediary between the supplicants and the
authentication server during the authentication process.
To Next Page
Loading...
