Eap - Avaya 8800 Planning And Engineering, Network Design

Ethernet routing switch

Hide thumbs Also See for 8800:

Troubleshooting manual (484 pages)

Planning and engineering (306 pages)

Configuration manual (226 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

193

194

195

196

197

198

199

200

201

202

203

204

205

206

207

208

209

210

211

212

213

214

215

216

217

218

219

220

221

222

223

224

225

226

227

228

229

230

231

232

233

234

235

236

237

238

239

240

241

242

243

244

245

246

247

248

249

250

251

252

253

254

255

256

257

258

259

260

261

262

263

264

265

266

267

268

269

270

271

272

273

274

275

276

277

278

279

280

281

282

283

284

285

286

287

288

289

290

291

292

293

294

295

296

297

298

299

300

301

302

303

304

305

306

307

308

309

310

311

312

313

314

315

316

317

318

319

320

321

322

323

324

325

326

327

page of 327

/ 327
Contents
Table of Contents
Bookmarks

Table of Contents

•

Security at Layer 3: announce and accept policies

•

Routing protocol security

EAP

To protect the network from inside threats, the switch supports the 802.1x standard. EAP separates

user authentication from device authentication. If EAP is enabled, end-users must securely logon to

the network before obtaining access to any resource.

Interaction between 802.1x and Optivity Policy Server v4.0

User-based networking links EAP authorization to individual user-based security policies based on

individual policies. As a result, network managers can define corporate policies and configure them

on a per-port basis. This adds additional security based on a logon and password.

The Avaya Optivity Policy Server supports 802.1x EAP authentication against RADIUS and other

authentication, authorization, and accounting (AAA) repositories. This support helps authenticate the

user, grants access to specific applications, and provides real time policy provisioning capabilities to

mitigate the penetration of unsecured devices.

The following figure shows the interaction between 802.1x and Optivity Policy Server. First, the user

initiates a logon from a user access point and receives a request/identify request from the switch

(EAP access point). The user is presented with a network logon. Prior to DHCP, the user does not

have network access because the EAP access point port is in EAP blocking mode. The user

provides User/Password credentials to the EAP access point via Extensible Authentication Protocol

Over LAN (EAPoL). The client PC is considered both a RADIUS peer user and an EAP supplicant.

Figure 139: 802.1x and OPS interaction

Software support is included for the Preside (Funk) and Microsoft IAS RADIUS servers. Additional

RADIUS servers that support the EAP standard should also be compatible with the Avaya Ethernet

Routing Switch 8800/8600. For more information, contact your Avaya representative.

June 2016

on page 278

Planning and Engineering — Network Design

Comments on this document? infodev@avaya.com

on page 278

Data plane security

273

Table of Contents

This manual is also suitable for:

8600

Eap - Avaya 8800 Planning And Engineering, Network Design

EAP

Related Manuals for Avaya 8800

Related Content for Avaya 8800

This manual is also suitable for:

Table of Contents