Using Port Access Control
The Moxa switch provides two kinds of Port-Based Access Control: Static Port Lock and IEEE 802.1X.
Static Port Lock
In this case, the Moxa switch can also be configured to protect static MAC addresses for a specific port. With the
Port Lock function, these locked ports will not learn any additional addresses, but only allow traffic from preset
static MAC addresses, helping to block hackers and careless usage.
IEEE 802.1X
The IEEE 802.1X standard defines a protocol for client/server-based access control and authentication. The
protocol restricts unauthorized clients from connecting to a LAN through ports that are open to the Internet,
and which otherwise would be readily accessible. The purpose of the authentication server is to check each
client that requests access to the port. The client is only allowed access to the port if the client’s permission is
authenticated.
Three components are used to create an authentication mechanism based on 802.1X standards:
Client/Supplicant, Authentication Server, and Authenticator.
Client/Supplicant: The end station that requests access to the LAN and switch services and responds to the
requests from the switch.
Authentication Server: The server that performs the actual authentication of the supplicant.
Authenticator: Edge switch or wireless access point that acts as a proxy between the supplicant and the
authentication server, requesting identity information from the supplicant, verifying the information with the
authentication server, and relaying a response to the supplicant.
The Moxa switch acts as an authenticator in the 802.1X environment. A supplicant and an authenticator
exchange EAPOL (Extensible Authentication Protocol over LAN) frames with each other. We can either use an
external RADIUS server as the authentication server, or implement the authentication server in the Moxa
switch by using a Local User Database as the authentication look-up table. When we use an external RADIUS
server as the authentication server, the authenticator and the authentication server exchange EAP frames
between each other.
Authentication can be initiated either by the supplicant or the authenticator. When the supplicant initiates the
authentication process, it sends an EAPOL-Start frame to the authenticator. When the authenticator initiates
the authentication process or when it receives an EAPOL Start frame, it sends an EAP Request/Identity
frame to ask for the username of the supplicant.
Configuring Static Port Lock
The Moxa switch supports adding unicast groups manually if required.
Static Unicast MAC Address
Setting Description Factory Default
MAC Address Adds the static unicast MAC address into the address table. None
Port Associates the static address to a dedicated port. 1 or 1-1
To Next Page
Loading...
Need help?
General
