Moxa Managed Ethernet Switch (UI_2.0_FW_5.x) User Manual
NOTE
The account privilege level is determined by the service type setting in RADIUS and by the privilege
level setting in TACACS+.
RADIUS Server
• RADIUS Service type = 6 = read/write = administrator
• RADIUS Service type = 1 = read only = user
TACACS+ Server
• TACACS+ privilege level = 15 = read/write = administrator
• TACACS+ privilege level = 1 to 14 = read only = user
IEEE 802.1X Settings
The IEEE 802.1X standard defines a protocol for client/server-based access control and authentication. The
protocol restricts unauthorized clients from connecting to a LAN through ports that are open to the Internet,
and which otherwise would be readily accessible. The purpose of the authentication server is to check each
client that requests access to the port. The client is only allowed access to the port if the client’s permission
is authenticated.
Three components are used to create an authentication mechanism based on 802.1X standards:
Client/Supplicant, Authentication Server, and Authenticator.
Client/Supplicant: The end station that requests access to the LAN and switch services and responds to
the requests from the switch.
Authentication Server: The server that performs the actual authentication of the supplicant.
Authenticator: Edge switch or wireless access point that acts as a proxy between the supplicant and the
authentication server, requesting identity information from the supplicant, verifying the information with the
authentication server, and relaying a response to the supplicant.
The Moxa switch acts as an authenticator in the 802.1X environment. A supplicant and an authenticator
exchange EAPOL (Extensible Authentication Protocol over LAN) frames with each other. We can either use
an external RADIUS server as the authentication server, or implement the authentication server in the Moxa
switch by using a Local User Database as the authentication look-up table. When we use an external
RADIUS server as the authentication server, the authenticator and the authentication server exchange EAP
frames.
Authentication can be initiated either by the supplicant or the authenticator. When the supplicant initiates
the authentication process, it sends an EAPOL-Start frame to the authenticator. When the authenticator
initiates the authentication process or when it receives an EAPOL-Start frame, it sends an EAP
Request/Identity frame to ask for the username of the supplicant.
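The frame layout behind this exchange, as an added example that is not part of the Moxa manual or firmware: a Python sketch that builds and classifies the EAPOL-Start, EAP Request/Identity and EAP Response/Identity frames, which is useful when reading a capture from a port that fails to authenticate. Field values follow IEEE 802.1X and RFC 3748; the function names, MAC addresses and the username operator1 are constructed for illustration, and frames are assumed to be untagged Ethernet.

```python
import struct

EAPOL_ETHERTYPE = 0x888E  # EtherType assigned to IEEE 802.1X (EAPOL)
EAPOL_TYPES = {0: "EAP-Packet", 1: "EAPOL-Start", 2: "EAPOL-Logoff", 3: "EAPOL-Key"}
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}

def eapol_frame(dst, src, ptype, body=b"", version=2):
    """Ethernet header + EAPOL header (version, type, body length) + body."""
    return dst + src + struct.pack("!HBBH", EAPOL_ETHERTYPE, version, ptype, len(body)) + body

def eap_packet(code, ident, eap_type=None, data=b""):
    """EAP header (code, identifier, length); Request/Response add a type byte."""
    payload = b"" if eap_type is None else bytes([eap_type]) + data
    return struct.pack("!BBH", code, ident, 4 + len(payload)) + payload

def describe(frame):
    """Classify one untagged Ethernet frame; raise ValueError if malformed."""
    if len(frame) < 18:
        raise ValueError("too short for Ethernet + EAPOL headers")
    ethertype, _version, ptype, length = struct.unpack("!HBBH", frame[12:18])
    if ethertype != EAPOL_ETHERTYPE:
        raise ValueError("not an EAPOL frame")
    body = frame[18:18 + length]
    if len(body) < length:
        raise ValueError("EAPOL body truncated")
    if ptype != 0:  # Start, Logoff and Key frames carry no EAP packet
        return EAPOL_TYPES.get(ptype, f"unknown EAPOL type {ptype}")
    if length < 4:
        raise ValueError("EAP header truncated")
    code, ident, eap_len = struct.unpack("!BBH", body[:4])
    if not 4 <= eap_len <= length:
        raise ValueError("EAP length field inconsistent with EAPOL length")
    label = f"EAP-{EAP_CODES.get(code, code)}"
    if code in (1, 2) and eap_len >= 5 and body[4] == 1:  # EAP type 1 = Identity
        name = body[5:eap_len].decode("utf-8", "replace")
        return f"{label}/Identity id={ident} name={name!r}"
    return f"{label} id={ident}"

def sample_exchange():
    """Constructed frames: supplicant-initiated start, then the identity round trip."""
    pae = bytes.fromhex("0180c2000003")  # 802.1X PAE group address
    sup, sw = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")  # constructed MACs
    return [describe(f) for f in (
        eapol_frame(pae, sup, 1),                                     # supplicant -> switch
        eapol_frame(sup, sw, 0, eap_packet(1, 7, 1)),                 # switch asks for username
        eapol_frame(pae, sup, 0, eap_packet(2, 7, 1, b"operator1")),  # supplicant answers
    )]

if __name__ == "__main__":
    print("\n".join(sample_exchange()))
```

The identity in the Response/Identity frame crosses the wire in cleartext, so a capture on the access port shows which username a device presented even when the later EAP method is encrypted.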