9.2 802.1X
A switch can provide easy and open access to network resources for a connecting PC.
Although automatic configuration and access is a desirable feature, it also allows an unauthorized
user to intrude and gain access to sensitive network data.
The IEEE 802.1X (dot1X) standard defines a port-based access control procedure that
prevents unauthorized users from accessing the network by requiring them to first submit
their credentials to an authentication server. Access to all switch interfaces in a network
can be centrally controlled from a server, which means that authorized users can use the same
credentials for authentication from any point within the network.
This switch uses the Extensible Authentication Protocol over LANs (EAPOL) to exchange
authentication messages between the client and the RADIUS authentication server to verify user
identity and access rights. When a client (i.e., Supplicant) connects to a switch interface, the
switch (i.e., Authenticator) responds with an EAPOL identity request. The client provides its
identity (such as a user name) in an EAPOL response to the switch, which forwards it to the
RADIUS server. The RADIUS server verifies the client identity and sends an accept or
reject message. The client can reject the authentication method and request another,
depending on the settings of the client and the RADIUS server.
The RADIUS server sends an accept or reject message after verifying the credentials. If
authentication is successful, the switch allows the client to access the network. Otherwise,
non-EAP traffic on the interface is blocked.
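The exchange above, as an added Python model of the authenticator's port behaviour (this is illustrative code, not the switch's firmware or any vendor library): the port drops non-EAPOL traffic while unauthorized, parses the supplicant's EAP-Response/Identity, consults a stand-in for the RADIUS server, and forwards all traffic only after an Access-Accept. The RADIUS user table and MAC addresses are constructed values.

```python
import struct

EAPOL_ETHERTYPE = 0x888E          # EtherType of EAPOL frames
EAPOL_EAP_PACKET = 0              # EAPOL packet type 0 carries an EAP packet
EAP_RESPONSE, EAP_TYPE_IDENTITY = 2, 1   # EAP code 2 = Response; EAP type 1 = Identity
PAE_GROUP_ADDR = b"\x01\x80\xc2\x00\x00\x03"   # destination MAC used by 802.1X PAEs

# Constructed stand-in for the RADIUS user database (hypothetical, not a real server).
RADIUS_USERS = {"alice": "accept", "mallory": "reject"}


class AuthenticatorPort:
    """One switch interface under port-based 802.1X control."""

    def __init__(self):
        self.authorized = False   # interface starts in the unauthorized state

    def radius_lookup(self, identity: str) -> str:
        # Stand-in for the RADIUS Access-Request / Access-Accept|Reject round trip.
        return RADIUS_USERS.get(identity, "reject")

    def receive(self, frame: bytes) -> str:
        """Return 'forward', 'drop', or the authentication result for one frame."""
        _dst, _src, ethertype = struct.unpack("!6s6sH", frame[:14])
        if ethertype != EAPOL_ETHERTYPE:
            # Non-EAP traffic passes only once the whole interface is authorized.
            return "forward" if self.authorized else "drop"
        _version, ptype, _length = struct.unpack("!BBH", frame[14:18])
        if ptype != EAPOL_EAP_PACKET:
            return "drop"           # EAPOL-Start/Logoff handling omitted here
        code, _eap_id, eap_len, eap_type = struct.unpack("!BBHB", frame[18:23])
        if code == EAP_RESPONSE and eap_type == EAP_TYPE_IDENTITY:
            identity = frame[23:18 + eap_len].decode()   # EAP data = identity string
            result = self.radius_lookup(identity)
            self.authorized = result == "accept"
            return result
        return "drop"


def build_eapol_identity(src: bytes, identity: str) -> bytes:
    """Construct a supplicant's EAP-Response/Identity wrapped in an EAPOL frame."""
    ident = identity.encode()
    eap = struct.pack("!BBHB", EAP_RESPONSE, 1, 5 + len(ident), EAP_TYPE_IDENTITY) + ident
    eapol = struct.pack("!BBH", 1, EAPOL_EAP_PACKET, len(eap)) + eap
    return PAE_GROUP_ADDR + src + struct.pack("!H", EAPOL_ETHERTYPE) + eapol


def demo():
    """Unauthorized port drops data; after 'alice' authenticates, even another host's frames pass."""
    port = AuthenticatorPort()
    pc_a, pc_b = b"\x00\x11\x22\x33\x44\x55", b"\x00\x66\x77\x88\x99\xaa"   # constructed MACs
    data_from_b = pc_a + pc_b + struct.pack("!H", 0x0800) + b"IP payload"
    before = port.receive(data_from_b)                         # 'drop'
    auth = port.receive(build_eapol_identity(pc_a, "alice"))   # 'accept'
    after = port.receive(data_from_b)                          # 'forward' (port-wide authorization)
    return before, auth, after
```

The last step of `demo()` shows why port-based control is unsafe on a shared segment: once one device is authorized, frames from any other device on that interface are forwarded too.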
Port-based Access Control
Under port-based access control, once the connected device passes authentication
successfully, the interface changes to the authorized state, and all traffic on this interface
is no longer subject to access control until the interface becomes unauthorized again. Therefore,
if the network segment connected to the interface is a shared one in which multiple network