Local Area Networks (LANs) are often deployed in environments that permit
the attachment of unauthorized devices. The networks also permit
unauthorized users to attempt to access the LAN through existing
equipment. In such environments, the administrator may desire to restrict
access to the services offered by the LAN.
Port-based network access control makes use of the physical characteristics of
LAN infrastructures to provide a means of authenticating and authorizing
devices attached to a LAN port. Port-based network access control prevents
access to the port in cases in which the authentication and authorization
process fails. A port is defined as a single point of attachment to the LAN.
The PowerConnect supports an 802.1x Authenticator service with a local
authentication server or authentication using remote RADIUS or TACACS
Supported security methods for communication with remote servers include
MD5, PEAP, EAP-TTL, EAP-TTLS, and EAP-TLS.
Local 802.1X Authentication Server
The PowerConnect switch supports a dedicated database for local
authentication of users for network access through the Dot1x feature. This
functionality is distinct from management access for the switch. This feature
supports creating users for Dot1x (port) access only.
The Internal Authentication Server feature provides support for the creation
of users for Dot1x access only, i.e. without management access. This feature
maintains a separate database (henceforth called as Dot1x user database) of
users allowed for Dot1x access.
A new authentication method internal is added to the list of methods
supported by authentication list creation in order to support the IDAS user
database lookup. The internal method cannot be added in the same
authentication list that has other methods like local, radius and reject.