Advanced Port-Based Authentication; Defining Network Authentication Properties - Alcatel OS-LS-6224 User Manual


3
Configuring the Switch

Advanced Port-Based Authentication

Advanced port-based authentication enables multiple hosts to be attached to a
single port. Advanced port-based authentication requires only one host to be
authorized for all hosts to have system access. If the port is unauthorized, all
attached hosts are denied access to the network.
Advanced port-based authentication also enables user-based authentication.
Specific VLANs in the device are always available, even if specific ports attached to
the VLAN are unauthorized. For example, Voice over IP does not require
authentication, while data traffic requires authentication. VLANs for which
authorization is not required can be defined. Unauthenticated VLANs are available
to users, even if the ports attached to the VLAN are defined as authorized.
Advanced port-based authentication is implemented in the following modes:
• Single Host Mode — Only the authorized host can access the port.
• Multiple Host Mode — Multiple hosts can be attached to a single port. Only one
host must be authorized for all hosts to access the network. If the host
authentication fails, or an EAPOL-logoff message is received, all attached clients
are denied access to the network.
• Multiple Sessions Mode - Enables a number of specific hosts that have been
authorized to access the port. Filtering is based on the source MAC address.
• Guest VLANs — Provides limited network access to authorized ports. If a port is
denied network access via port-based authorization, but the Guest VLAN is
enabled, the port receives limited network access. For example, a network
administrator can use Guest VLANs to deny network access via port-based
authentication, but grant Internet access to unauthorized users.
• Unauthenticated VLANs — Are available to users, even if the ports attached to
the VLAN are defined as unauthorized.
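
The following added example (not from the manual, and not Alcatel firmware or CLI) models the access decision for each mode so the difference can be compared: in Multiple Host Mode one successful login opens the port to every attached host, while the other modes filter by source MAC. The MAC addresses, VLAN numbers 10/20/99, the per-frame `classify` result names and the single-host "first authorized host holds the port" rule are assumptions made for the illustration.

```python
"""Added illustrative model of the port modes above; not Alcatel firmware or CLI."""
from dataclasses import dataclass, field
from typing import Optional

SINGLE, MULTI_HOST, MULTI_SESSION = "single-host", "multiple-host", "multiple-sessions"
A, B = "00:00:5e:00:53:01", "00:00:5e:00:53:02"  # constructed source MACs

@dataclass
class Port:
    mode: str
    guest_vlan: Optional[int] = None              # limited-access VLAN, if enabled
    unauth_vlans: frozenset = frozenset()         # VLANs that never need authentication
    authorized: set = field(default_factory=set)  # MACs that passed 802.1X

    def auth_success(self, mac):
        # Assumption: in single host mode the first authorized host holds the port.
        if self.mode == SINGLE and self.authorized:
            return
        self.authorized.add(mac)

    def auth_fail_or_logoff(self, mac):
        if self.mode == MULTI_HOST:
            self.authorized.clear()   # all attached clients lose access together
        else:
            self.authorized.discard(mac)

    def classify(self, mac, vlan):
        """Return 'forward', 'guest' or 'drop' for a frame from mac on vlan."""
        if vlan in self.unauth_vlans:
            return "forward"                      # unauthenticated VLAN: always open
        if not self.authorized:                   # port is unauthorized
            return "guest" if self.guest_vlan is not None else "drop"
        if self.mode == MULTI_HOST or mac in self.authorized:
            return "forward"                      # multiple host: one login opens port
        return "drop"                             # filtered by source MAC

def walk(mode):
    """Track host B on data VLAN 10 while host A logs in and out (constructed scenario)."""
    p = Port(mode, guest_vlan=99, unauth_vlans=frozenset({20}))
    out = {"before": p.classify(B, 10), "voice": p.classify(B, 20)}
    p.auth_success(A)
    out["after_a_login"] = p.classify(B, 10)
    p.auth_success(B)
    out["after_b_login"] = p.classify(B, 10)
    p.auth_fail_or_logoff(A)
    out["after_a_logoff"] = p.classify(B, 10)
    return out

if __name__ == "__main__":
    for m in (SINGLE, MULTI_HOST, MULTI_SESSION):
        print(m, walk(m))
```

The `after_a_login` value is the one to review when choosing a mode: it is `forward` only in Multiple Host Mode, where host B reaches the data VLAN without authenticating.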
When configuring port-based authentication, ensure the following:
• The switch must have an IP address assigned.
• RADIUS authentication must be enabled on the switch and the IP address of the
RADIUS server specified.
• Each switch port must be set to dot1x "Auto" mode.
• Each client that needs to be authenticated must have dot1x client software
installed and properly configured.
• The RADIUS server and 802.1x client support EAP. (The switch only supports
EAPOL in order to pass the EAP packets from the server to the client.)
• The RADIUS server and client also have to support the same EAP authentication
type – MD5. (Some clients have native support in Windows, otherwise the dot1x
client must support it.)

Defining Network Authentication Properties

The System Information Page allows network managers to configure network
authentication parameters. In addition, Guest VLANs are enabled from the System
