Port Authentication; Port Authentication Overview - ZyXEL Communications GS2210-8 User Manual

18.1 Port Authentication Overview

This chapt er describes t he I EEE 802.1x and MAC aut hent icat ion m et hods.
Port aut hent icat ion is a way t o validat e access t o port s on t he Swit ch t o client s based on an ext ernal
server ( aut hent icat ion server) . The Swit ch support s t he following m et hods for port aut hent icat ion:
• I EEE 8 0 2 .1 x
password provided by t he user.
• M AC Aut he nt ica t ion - An aut hent icat ion server validat es access t o a port based on t he MAC
address and password of t he client .
Bot h t ypes of aut hent icat ion use t he RADI US ( Rem ot e Aut hent icat ion Dial I n User Service, RFC
2138, 2139) prot ocol t o validat e users. See
inform at ion on configuring your RADI US server set t ings.
Not e: I f you enable I EEE 802.1x aut hent icat ion and MAC aut hent icat ion on t he sam e
port , t he Swit ch perform s I EEE 802.1x aut hent icat ion first . I f a user fails t o
aut hent icat e via t he I EEE 802.1x m et hod, t hen access t o t he port is denied.
18.1.1 What You Can Do
• Use t he Por t Aut he n t ica t ion screen (
configurat ion screens where you can enable t he port aut hent icat ion m et hods.
• Use t he 8 0 2 .1 x screen (
• Use t he M AC Aut he nt ica t ion screen (
18.1.2 What You Need to Know
IEEE 802.1x Authentication
The following figure illust rat es how a client connect ing t o a I EEE 802.1x aut hent icat ion enabled port
goes t hrough a validat ion process. The Swit ch prom pt s t he client for login inform at ion in t he form of
a user nam e and password. When t he client provides t he login credent ials, t he Swit ch sends an
aut hent icat ion request t o a RADI US server. The RADI US server validat es whet her t his client is
allowed access t o t he port .
2. At the time of writing, IEEE 802.1x is not supported by all operating systems. See your operating system documentation.
If your operating system does not support 802.1x, then you may need to install 802.1x client software.
2
- An aut hent icat ion server validat es access t o a port based on a usernam e and
Sect ion 18.2 on page
Sect ion 18.3 on page
Sect ion 18.4 on page
GS2210 Series User's Guide
157
C
HAPTER

Port Authentication

RADI US and TACACS+ on page 212
159) t o display t he links t o t he
159) t o act ivat e I EEE 802.1x securit y.
162) t o act ivat e MAC aut hent icat ion.
1 8
for m ore