Authentication Modes - Avaya G250 Administration
Media gateways
Hide thumbs
Also See for G250:
- Administration manual (840 pages) ,
- Reference (812 pages) ,
- Administration (620 pages)
Table of Contents
Advertisement
Accessing the Avaya G250/G350 Media Gateway
The 802.1x protocol defines an interaction between the following three entities:
Supplicant — an entity (the host) at one end of a point-to-point LAN segment that is
●
requesting authentication
Authenticator — an entity (in this case the G250/G350) at the other end of a point-to-point
●
LAN segment that facilitates authentication of the Supplicant
Authentication (RADIUS) Server — an entity that provides an authentication service to the
●
Authenticator. The Authentication Server determines, from the credentials provided by the
Supplicant, whether the Supplicant is authorized to access the services provided by the
Authenticator.
Authentication Modes
Port-based — the authentication mode defined by the 802.1x standard. This mode
●
requires that each 10/100 802.1x-enabled port be connected directly to a single 802.1x
Supplicant, so security will be maintained. If more clients are connected to that port, the
first authenticated client opens the port and all other clients are able to enter the network
without the need for authentication.
Port-based mode is the default mode and it is backward compatible with the 802.1x
implementation in previous releases.
This mode is also known as Single Supplicant mode.
MAC-based — an extension to the 802.1x standard. In this mode, multiple Supplicants are
●
connected to an 802.1x-enabled port via an external repeater/hub. Authentication is
performed per MAC address.
The main application for the MAC-based mode is to allow the connection of an Avaya IP
phone and a PC which are connected to the same gateway port and support the 802.1x
application. In previous releases, this case could not be supported because in port-based
mode the gateway authenticates the port and not the stations connected to it. Thus,
connecting two supplicants to the same port in port-base mode could confuse the gateway.
This mode is also known as Multi Supplicant mode.
Note:
It is highly recommended to configure all ports in MAC-based mode.
Note:
How port based authentication works
The authentication procedure is port-based, which means:
Access control is achieved by enforcing authentication on connected ports.
●
If an endpoint station that connects to a port is not authorized, the port state is set to
●
"unauthorized", which closes the port to all traffic.
50 Administration for the Avaya G250 and Avaya G350 Media Gateways
Advertisement
Table of Contents
