Table of Contents
Advertisement
152 BES50 advanced features fundamentals
network through that port. If a device with an unauthorized MAC address
attempts to use the switch port, the intrusion are detected and the switch can
automatically take action by disabling the port and sending a trap message.
802.1X port authentication
Network switches can provide open and easy access to network resources
by simply attaching a client PC. Although this automatic configuration and
access is a desirable feature, it also allows unauthorized personnel to easily
intrude and possibly gain access to sensitive network data.
The IEEE 802.1X standard defines a port-based access control procedure
that prevents unauthorized access to a network by requiring users to first
submit credentials for authentication. Access to all switch ports in a network
can be centrally controlled from a server, which means that authorized
users can use the same credentials for authentication from any point within
the network.
The following figure illustrates an 802.1X port authentication configuration.
Configuring 802.1X port authentication
The switch uses the Extensible Authentication Protocol over LANs (EAPOL)
to exchange authentication protocol messages with the client, and a
remote RADIUS authentication server to verify user identity and access
rights. When a client (Supplicant) connects to a switch port, the switch
(Authenticator) responds with an EAPOL identity request. The client
provides its identity (such as a user name) in an EAPOL response to the
Copyright © 2006, Nortel Networks
.
SMB
Using the Nortel Business Ethernet Switch 50 Series
NN47924-301 01.01 Standard
1.00 October 2006
Nortel Networks Confidential
Hide quick links:
Advertisement
Table of Contents
