AT-9000 Switch Command Line User’s Guide
951
Guidelines
Here are the general guidelines to this feature:
Ports operating under port-based access control do not support
dynamic MAC address learning.
A port that is connected to a RADIUS authentication server must
not be set to the authenticator role because an authentication
server cannot authenticate itself.
The authentication method of an authenticator port can be either
802.1x or MAC address-based, but not both.
A supplicant connected to an authenticator port set to the 802.1x
authentication method must have 802.1x client software.
A supplicant does not need 802.1x client software if the
authentication method of an authenticator port is MAC address-
based.
The maximum number of supported supplicants on the entire
switch is 208.
An 802.1x username and password combination is not tied to the
MAC address of an end node. This allows end users to use the
same username and password when working at different
workstations.
After a supplicant has successfully logged on, the MAC address of
the end node is added to the switch’s MAC address table as an
authenticated address. It remains in the table until the supplicant
logs off the network or fails to reauthenticate, at which point the
address is removed. The address is not timed out, even if the node
becomes inactive.
End users of 802.1x port-based network access control should be
instructed to always log off when they are finished with a work
session. This can prevent unauthorized individuals from accessing
the network through unattended network workstations.
Authenticator ports cannot use MAC address-based port security.
For further information, refer to Chapter 60, “MAC Address-based
Port Security” on page 913.
Authenticator ports cannot be members of static port trunks, LACP
port trunks, or a port mirror.
Authenticator ports cannot use GVRP.
You cannot change the untagged VLAN assignment of a port after
it has been designated as an authenticator port. To change the
untagged VLAN assignment of an authenticator port, you must first
To Next Page
Loading...
