Understanding 802.1X Port-Based Security - Symbol ES3000 Manual

9-2 ES3000 Advanced Concept Guide

9.1 Understanding 802.1x Port-Based Security

The ES3000 switch provides port-based security to prevent unauthorized clients from accessing a
network. This security feature implements the IEEE 802.1x port-level authentication standard.
Workstations
(Clients)
In 802.1x port-based authentication, the network devices have specific roles, as shown in
• Client/Supplicant: The device that requests access to the network. The client uses the
Extensible Authentication Protocol (EAP) to communicate with the authenticator. In the IEEE
802.1x specification, the terminology used for client is supplicant.
• Authenticator: The device that controls access to the network using 802.1x authorization.
The authenticator receives a username and password from the client, then passes a request
for authorization to the authentication server. Based on the results from the authentication
server, the authenticator allows or prohibits network access. In this scenario, the ES3000
switch can function as an authenticator.
• Authentication Server: The authentication server validates the username and password,
and notifies the authenticator whether access is granted or denied. The Authenticator can
also provide access privileges, which grant specific network privileges to the client, such as
VLAN access.
The switch's 802.1x implementation currently supports standard RADIUS (Remote Access Dial-In
Service) authentication servers. The EAP types supported include MD5, EAP-TLS, and PEAP.
To configure 802.1x port-based security on the ES3000 switch, configure the RADIUS server
parameters to define switch-to-server communication and the 802.1x authentication parameters for
each port.
ES3000 Switch
(Authenticator)
Figure 9.1 802.1x Device Roles
Radius Server
(Authentication Server)
Figure 9.1: