D-Link DGS-3000 Series Reference Manual page 217

The D-Link implementation of 802.1X allows network administrators to choose between two types of Access Control
used on the Switch, which are:
1. Port-Based Access Control – This method requires only one user to be authenticated per port by a remote
RADIUS server to allow the remaining users on the same port access to the network.
2. Host-Based Access Control – Using this method, the Switch will automatically learn up to a maximum of 448
MAC addresses by port and set them in a list. Each MAC address must be authenticated by the Switch using
a remote RADIUS server before being allowed access to the Network.
Understanding 802.1X Port-based and Host-based Network Access Control
The original intent behind the development of 802.1X was to leverage the characteristics of point-to-point in LANs. As
any single LAN segment in such infrastructures has no more than two devices attached to it, one of which is a Bridge
Port. The Bridge Port detects events that indicate the attachment of an active device at the remote end of the link, or
an active device becoming inactive. These events can be used to control the authorization state of the Port and initiate
the process of authenticating the attached device if the Port is unauthorized. This is the Port-Based Network Access
Control.
Port-based Network Access Control
Once the connected device has successfully been authenticated, the Port then becomes Authorized, and all
subsequent traffic on the Port is not subject to access control restriction until an event occurs that causes the Port to
DGS-3000 Series Gigabit Ethernet Switch Web UI Reference Guide
Figure 8-6 The 802.1X Authentication Process
208