Chapter 54: 802.1x Port-based Network Access Control
728 Section VIII: Port Security
Note, however, that should the client who performed the initial log on fail to
periodically reauthenticate or log out, the authenticator port reverts to the
unauthenticated state. It bars all further traffic to and from all the clients
until the initial client or another client logs on.
Figure 125 is an example of this mode. Port 6 is connected to an Ethernet
hub or non-802.1x-compliant switch, which in turn is connected to several
supplicants. The switch does not forward the client traffic until one of the
clients logs on. Afterwards, it forwards the traffic of all the clients.
Figure 125. Multiple Host Operating Mode
If the port is set to the 802.1x authentication method, one client must have
802.1x client firmware and must provide a username and password during
authentication. (The other clients do not need 802.1x client firmware to
forward traffic through the port after one client has been authenticated.)
If the port is using MAC address-based authentication, 802.1 client
firmware is not required. The MAC address of the first client to forward
traffic through the port is used for authentication. When that client is
authenticated, all supplicants have access to the port.
As mentioned earlier, should the client who performed the initial log on fail
to reauthenticate when necessary or log out, the port reverts to the
AT-9000/28
Gigabit Ethernet Switch with 4 Combo SFP Ports
PWR
SYS
MODE
SELECT
COL
SPD
DUP
ACT
RS-232
CONSOLE
1451
RADIUS
Authentication
server
Port 6
Role: Authenticator
Operating Mode: Multiple host mode
Ethernet hub or
non-802.1x-compliant
switch
Authenticated
Client
Unauthenticated
Clients
To Next Page
Loading...
