CHAPTER 4 | Configuring the Switch
Configuring 802.1X Port Authentication
– 83 –
The operation of 802.1X on the switch requires the following:
◆ The switch must have an IP address assigned (see page 56).
◆ RADIUS authentication must be enabled on the switch and the IP
address of the RADIUS server specified. Backend RADIUS servers are
configured on the Authentication configuration page (see page 65).
◆ 802.1X / MAC-based authentication must be enabled globally for the
switch.
◆ The Admin State for each switch port that requires client authentication
must be set to 802.1X or MAC-based.
◆ When using 802.1X authentication:
  ■ Each client that needs to be authenticated must have dot1x client
    software installed and properly configured.
  ■ The RADIUS server and 802.1X client must support EAP. (The switch
    only supports EAPOL in order to pass the EAP packets from the
    server to the client.)
  ■ The RADIUS server and client also have to support the same EAP
    authentication type: MD5, PEAP, TLS, or TTLS. (Native support for
    these EAP types is provided in Windows XP, and in Windows 2000
    with Service Pack 4. To support these EAP types in Windows 95 and
    98, you can use the AEGIS dot1x client or other comparable client
    software.)
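The following is an added example, not part of the original manual or the switch firmware: a small Python parser for captured EAPOL frames that reports when a client answers the server's proposed EAP type with a Nak, which is how a mismatch in EAP authentication type shows up on the wire. The MAC addresses and frames are constructed samples; the EAPOL EtherType and EAP type numbers are the standard assigned values.

```python
import struct

EAPOL_ETHERTYPE = 0x888E
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 3: "Nak", 4: "MD5-Challenge",
             13: "TLS", 21: "TTLS", 25: "PEAP"}

def parse_eapol(frame: bytes) -> dict:
    """Decode one Ethernet frame carrying EAPOL; raise ValueError if malformed."""
    if len(frame) < 18:
        raise ValueError("frame too short for Ethernet + EAPOL headers")
    ethertype, _version, ptype, body_len = struct.unpack("!HBBH", frame[12:18])
    if ethertype != EAPOL_ETHERTYPE:
        raise ValueError("not an EAPOL frame")
    out = {"src": frame[6:12].hex(":"), "eapol_type": ptype}
    if ptype != 0:  # 0 = EAP-Packet; Start/Logoff/Key frames carry no EAP body
        return out
    body = frame[18:18 + body_len]
    if len(body) < 4:
        raise ValueError("truncated EAP packet")
    code, ident, eap_len = struct.unpack("!BBH", body[:4])
    if eap_len < 4 or eap_len > len(body):
        raise ValueError("EAP length field disagrees with frame")
    out.update(code=EAP_CODES.get(code, str(code)), id=ident)
    if code in (1, 2) and eap_len >= 5:  # only Request/Response carry a Type
        out["method"] = EAP_TYPES.get(body[4], f"type-{body[4]}")
        if code == 2 and body[4] == 3:  # Nak: client lists the types it accepts
            out["client_wants"] = [EAP_TYPES.get(t, f"type-{t}")
                                   for t in body[5:eap_len] if t != 0]
    return out

def find_method_mismatch(frames):
    """Return (offered, client_wants) for each Request answered by a Nak."""
    offered, mismatches = {}, []
    for p in map(parse_eapol, frames):
        if p.get("code") == "Request":
            offered[p["id"]] = p.get("method")
        elif "client_wants" in p and p["id"] in offered:
            mismatches.append((offered[p["id"]], p["client_wants"]))
    return mismatches

# Constructed sample: server proposes PEAP, client Naks and asks for MD5.
PAE_GROUP = bytes.fromhex("0180c2000003")
SWITCH, CLIENT = bytes.fromhex("02aabbccdd01"), bytes.fromhex("02aabbccdd02")
def _frame(src, eap):
    hdr = struct.pack("!HBBH", EAPOL_ETHERTYPE, 1, 0, len(eap))
    return PAE_GROUP + src + hdr + eap
SAMPLE = [_frame(SWITCH, struct.pack("!BBHBB", 1, 7, 6, 25, 0x20)),
          _frame(CLIENT, struct.pack("!BBHBB", 2, 7, 6, 3, 4))]
```

A non-empty result from `find_method_mismatch` on a port capture means the client and RADIUS server are not configured for a common EAP type.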
MAC-based authentication allows for authentication of more than one user
on the same port, and does not require the user to have special 802.1X
software installed on his system. The switch uses the client's MAC address
to authenticate against the backend server. However, note that intruders
can create counterfeit MAC addresses, which makes MAC-based
authentication less secure than 802.1X authentication.