D-Link DGS-1510 Series Web Ui Reference Manual page 289

DGS-1510 Series Gigabit Ethernet SmartPro Switch Web UI Reference Guide
The D-Link implementation of 802.1X allows network administrators to choose between two types of
Access Control used on the Switch, which are:
•
Port-based Access Control – This method requires only one user to be authenticated per port
by a remote RADIUS server to allow the remaining users on the same port access to the network.
•
Host-based Access Control – Using this method, the Switch will automatically learn up to a
maximum of 448 MAC addresses by port and set them in a list. Each MAC address must be
authenticated by the Switch using a remote RADIUS server before being allowed access to the
Network.
Understanding 802.1X Port-based and Host-based Network Access Control
The original intent behind the development of 802.1X was to leverage the characteristics of point-to-point
in LANs. As any single LAN segment in such infrastructures has no more than two devices attached to it,
one of which is a Bridge Port. The Bridge Port detects events that indicate the attachment of an active
device at the remote end of the link, or an active device becoming inactive. These events can be used to
control the authorization state of the Port and initiate the process of authenticating the attached device if
the Port is unauthorized. This is the Port-based Network Access Control.
Port-based Network Access Control
Once the connected device has successfully been authenticated, the Port then becomes Authorized, and
all subsequent traffic on the Port is not subject to access control restriction until an event occurs that
causes the Port to become Unauthorized. Hence, if the Port is actually connected to a shared media LAN
segment with more than one attached device, successfully authenticating one of the attached devices
effectively provides access to the LAN for all devices on the shared segment. Clearly, the security offered
in this situation is open to attack.
Figure 9-9 The 802.1X Authentication Process
281