Configuration Guide 543
Configuring Network Security Network Security
Client
A client, usually a computer, is connected to the authenticator via a physical port. We
recommend that you install TP-Link 802.1X authentication client software on the client
hosts, enabling them to request 802.1X authentication to access the LAN.
Authenticator
An authenticator is usually a network device that supports 802.1X protocol. As the above
figure shows, the switch is an authenticator.
The authenticator acts as an intermediate proxy between the client and the authentication
server. The authenticator requests user information from the client and sends it to the
authentication server; also, the authenticator obtains responses from the authentication
server and send them to the client. The authenticator allows authenticated clients to
access the LAN through the connected ports but denies the unauthenticated clients..
Authentication Server
The authentication server is usually the host running the RADIUS server program. It stores
information of clients, confirms whether a client is legal and informs the authenticator
whether a client is authenticated.
AAA
AAA stands for authentication, authorization and accounting. On TP-Link switches,
this feature is mainly used to authenticate the users trying to log in to the switch or get
administrative privileges. The administrator can create guest accounts and an Enable
password for other users. The guests do not have administrative privileges without the
Enable password provided.
AAA provides a safe and efficient authentication method. The authentication can be
processed locally on the switch or centrally on the RADIUS/TACACS+ server(s). As the
following figure shows, the network administrator can centrally configure the management
accounts of the switches on the RADIUS server and use this server to authenticate the
users trying to access the switch or get administrative privileges.
To Next Page
Loading...
