Allied Telesis AT-9000/12POE Switch User Manual


 
AT-9000 Switch Command Line User’s Guide
Guidelines
Here are the general guidelines for this feature:

- Ports operating under port-based access control do not support
  dynamic MAC address learning.
- A port that is connected to a RADIUS authentication server must
  not be set to the authenticator role because an authentication
  server cannot authenticate itself.
- The authentication method of an authenticator port can be either
  802.1x username and password combination or MAC address-based,
  but not both.
- A supplicant connected to an authenticator port set to the 802.1x
  username and password authentication method must have 802.1x
  client software.
- A supplicant does not need 802.1x client software if the
  authentication method of an authenticator port is MAC
  address-based.
- Authenticator ports set to the multi supplicant mode can support up
  to a maximum of 320 authenticated supplicants at one time. An
  authenticator port stops accepting new clients after the maximum
  number is reached.
- The maximum number of authenticated clients on the entire switch
  is 480. New supplicants are rejected once the maximum number is
  reached. New clients are accepted as supplicants log out or are
  timed out.
- An 802.1x username and password combination is not tied to the
  MAC address of an end node. This allows end users to use the
  same username and password when working at different
  workstations.
- After a client has successfully logged on, the MAC address of the
  end node is added to the switch’s MAC address table as an
  authenticated address. It remains in the table until the client logs
  off the network or fails to reauthenticate, at which point the address
  is removed. The address is not timed out, even if the node
  becomes inactive.

Note
End users of 802.1x port-based network access control should be
instructed to always log off when they are finished with a work
session. This can prevent unauthorized individuals from accessing
the network through unattended network workstations.