Chapter 8 Security; 184 - D-Link DGS-3000 series Reference Manual

DGS-3000 Series Layer 2 Managed Gigabit Switch Web UI Reference Guide
Chapter 8
802.1X
RADIUS
IP-MAC-Port Binding (IMPB)
MAC-based Access Control (MAC)
Compound Authentication
Port Security
ARP Spoofing Prevention Settings
BPDU Attack Protection
Traffic Segmentation Settings
NetBIOS Filtering Settings
DHCP Server Screening
Access Authentication Control
SSL Settings
SSH
Trusted Host Settings
Safeguard Engine Settings
DoS Attack Prevention Settings
IGMP Access Control Settings
802.1X
802.1X (Port-Based and Host-Based Access Control)
The IEEE 802.1X standard is a security measure for
authorizing and authenticating users to gain access to
various wired or wireless devices on a specified Local
Area Network by using a Client and Server based
access control model. This is accomplished by using a
RADIUS server to authenticate users trying to access a
network by relaying Extensible Authentication Protocol
over LAN (EAPOL) packets between the Client and the
Server. The following figure represents a basic EAPOL
packet:
Utilizing this method, unauthorized devices are
restricted from connecting to a LAN through a port to
which the user is connected. EAPOL packets are the
only traffic that can be transmitted through the specific
port until authorization is granted. The 802.1X Access
Control method has three roles, each of which are vital
to creating and up keeping a stable and working
Access Control security method.
The following section will explain the three roles of Client, Authenticator and Authentication Server in greater detail.
Security
Figure 8-1 The EAPOL Packet
Figure 8-2 The three roles of 802.1X

184