Loading ...
Loading ...
Loading ...
155
CHAPTER 18
Port Authentication
18.1 Port Authentication Overview
This chapter describes the IEEE 802.1x and MAC authentication methods.
Port authentication is a way to validate access to ports on the Switch to clients based on an external
server (authentication server). The Switch supports the following methods for port authentication:
• IEEE 802.1x
2
- An authentication server validates access to a port based on a username and
password provided by the user.
• MAC Authentication - An authentication server validates access to a port based on the MAC
address and password of the client.
Both types of authentication use the RADIUS (Remote Authentication Dial In User Service, RFC
2138, 2139) protocol to validate users. See RADIUS and TACACS+ on page 210 for more
information on configuring your RADIUS server settings.
Note: If you enable IEEE 802.1x authentication and MAC authentication on the same
port, the Switch performs IEEE 802.1x authentication first. If a user fails to
authenticate via the IEEE 802.1x method, then access to the port is denied.
18.1.1 What You Can Do
• Use the Port Authentication screen (Section 18.2 on page 157) to display the links to the
configuration screens where you can enable the port authentication methods.
• Use the 802.1x screen (Section 18.3 on page 157) to activate IEEE 802.1x security.
• Use the MAC Authentication screen (Section 18.4 on page 160) to activate MAC authentication.
18.1.2 What You Need to Know
IEEE 802.1x Authentication
The following figure illustrates how a client connecting to a IEEE 802.1x authentication enabled port
goes through a validation process. The Switch prompts the client for login information in the form of
a user name and password. When the client provides the login credentials, the Switch sends an
authentication request to a RADIUS server. The RADIUS server validates whether this client is
allowed access to the port.
Loading ...
Loading ...
Loading ...