Table of Contents
Advertisement
Manageable Mosaic switch Installation and User Guide
5.1.7 Web Management User's Authentication
Legrand manageable devices can be configured to seek user level password authentication from a
central Radius server, such as from a Freeradius, Winradius or Radiator server, while logging in from a
Web browser. The advantage of storing user level passwords in the Radius server is that if / when the
Web management passwords are changed, they need be changed only in the Radius server and not in
each individual device.
Activating the Web management user authentication, via a Radius server, is described in Section 3.2.1.
5.2
Securing Network Access
The manageable Mosaic switch provides enhanced network security features by introducing advanced
port based network access control. The manageable Mosaic switch supports port based MAC access
security as well as 802.1X port based network access security (optional).
5.2.1 MAC Access Security - Securing User Access to the Network
The MAC access security protects the network from unauthorized "guests" attempting to access the
network through the user ports of the device.
MAC security takes advantage of the automatic learning and aging time of the access switch to
provide MAC level network access security. MAC security operates on active devices, devices that send
out frames to the network on a regular basis like any standard PC, notebook or other workstation. It is
not recommended to use MAC security for a passive device (for instance a printer) since passive
devices do not initiate frame transmissions and therefore are not "learned" automatically by the device.
The MAC security feature is configurable only from the administrator and technician levels. MAC
security has two operation modes, High Security Level and Low Security Level.
5.2.1.1 High Security Level
High security allows only one specific MAC address on the port look-up table. If the port learns
additional or different MAC addresses, the port will immediately be blocked. The port will re-open
automatically only when the permitted device is connected and the aging time has elapsed of all other
MAC addresses. High security ensures single device access to the port.
For example, the network manager can designate the MAC address of an employee's workstation to a
specific port as the only approved address for this port. In this way, the employee's PC has sole use of
that port. If another device connects to that port, the port will block all data transmission.
5.2.1.2 Low Security Level
Low security enables the access of multiple devices to one secured port (or a segment connected to
the port via an additional external switch / hub) as long as one of the devices connected to the port
bears a specified MAC address. When the designated device is connected to the port, the presence of
its specified MAC address on the look-up table of the port opens port access for all the devices on the
SUMMARY
Page 61 of 87
Advertisement
Table of Contents
