1. Manuals
  2. Brands
  3. Planet Manuals
  4. Switch
  5. XGSW-28040HP
  6. User manual

Planet XGSW-28040HP User Manual page 234

L2+ 24-port 10/100/1000mbps 802.3at poe + 4-port 10g sfp+ managed switch with hardware layer3 ipv4/ipv6 static routing
Hide thumbs Also See for XGSW-28040HP:
Table of Contents

Advertisement

User's Manual of XGSW-28040HP
characteristics as does port-based 802.1X. In Single 802.1X, at most one
supplicant can get authenticated on the port at a time. Normal EAPOL frames are
used in the communication between the supplicant and the switch. If more than
one supplicant is connected to a port, the one that comes first when the port's link
comes up will be the first one considered. If that supplicant doesn't provide valid
credentials within a certain amount of time, another supplicant will get a chance.
Once a supplicant is successfully authenticated, only that supplicant will be
allowed access. This is the most secure of all the supported modes. In this mode,
the Port Security module is used to secure a supplicant's MAC address once
successfully authenticated.
Multi 802.1X
Multi 802.1X is - like Single 802.1X - not an IEEE standard, but a variant that
features many of the same characteristics. In Multi 802.1X, one or more
supplicants can get authenticated on the same port at the same time. Each
supplicant is authenticated individually and secured in the MAC table using the
Port Security module.
In Multi 802.1X it is not possible to use the multicast BPDU MAC address as
destination MAC address for EAPOL frames sent from the switch towards the
supplicant, since that would cause all supplicants attached to the port to reply to
requests sent from the switch. Instead, the switch uses the supplicant's MAC
address, which is obtained from the first EAPOL Start or EAPOL Response
Identity frame sent by the supplicant. An exception to this is when no supplicants
are attached. In this case, the switch sends EAPOL Request Identity frames
using the BPDU multicast MAC address as destination - to wake up any
supplicants that might be on the port.
The maximum number of supplicants that can be attached to a port can be
limited using the Port Security Limit Control functionality.
MAC-based Auth.
Unlike port-based 802.1X, MAC-based authentication is not a standard, but
merely a best-practices method adopted by the industry. In MAC-based
authentication, users are called clients, and the switch acts as the supplicant on
behalf of clients. The initial frame (any kind of frame) sent by a client is snooped
by the switch, which in turn uses the client's MAC address as both username and
password in the subsequent EAP exchange with the RADIUS server. The 6-byte
MAC address is converted to a string on the following form "xx-xx-xx-xx-xx-xx",
that is, a dash (-) is used as separator between the lower-cased hexadecimal
digits. The switch only supports the MD5-Challenge authentication method, so
234

Advertisement

Table of Contents
loading

Related Manuals for Planet XGSW-28040HP

Related Products for Planet XGSW-28040HP

Table of Contents