Allied Telesis AT-9000/24 Layer 2 Gigabit Ethernet Switch User Manual


 
Chapter 12: 802.1x Network Access Control
Section I: Using the Menus Interface
Note
Connecting multiple supplicants to a switch port set to the Auto
setting does not conform to the IEEE 802.1x standard. This can
introduce security risks and can result in undesirable switch
behavior. To avoid this, Allied Telesis recommends using the
Force-authorized setting on those ports that are connected to more than
one end node, such as a port connected to another switch or to a
hub.
A username and password combination is not tied to the MAC address
of an end node. This allows end users to use the same username and
password when working at different workstations.
After a supplicant has successfully logged on, the MAC address of the
end node is added to the switch’s MAC address table as an
authenticated address. It remains in the table until the end user logs off
the network. The address is not timed out, even if the end node
becomes inactive.
Note
End users of access control should be instructed to always log off
when they are finished with a work session. This prevents
unauthorized individuals from accessing the network through
unattended network workstations.
There should be only one port in the authenticator port control setting
of Auto between a client and the authentication server.
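
The following is an added example, not part of the manual: a Python audit of a port inventory against the two rules above (an Auto port should not face a hub or another switch, and only one Auto port should sit between a client and the authentication server). The topology, the device names and the LINKS and SHARED structures are constructed for illustration.

```python
from collections import deque

# Constructed sample topology (hypothetical names). A link is (device_a, port_a,
# mode_a, device_b, port_b, mode_b); mode is None where that end is no switch port.
LINKS = [
    ("pc-1", None, None, "sw-edge", 1, "auto"),
    ("hub-1", None, None, "sw-edge", 2, "auto"),  # hub: several end nodes
    ("pc-2", None, None, "hub-1", None, None),
    ("pc-3", None, None, "hub-1", None, None),
    ("sw-edge", 24, "force-authorized", "sw-core", 1, "auto"),
    ("sw-core", 24, "force-authorized", "radius-1", None, None),
]
SHARED = {"hub-1", "sw-edge", "sw-core"}  # devices fronting more than one end node

def auto_ports_facing_shared(links, shared):
    """Auto ports whose neighbour is a hub or switch."""
    ends = [(a, pa, ma, b) for a, pa, ma, b, pb, mb in links]
    ends += [(b, pb, mb, a) for a, pa, ma, b, pb, mb in links]
    return sorted((d, p) for d, p, m, peer in ends if m == "auto" and peer in shared)

def auto_ports_on_path(links, client, server):
    """Auto ports crossed between client and authentication server (BFS)."""
    adj = {}
    for a, pa, ma, b, pb, mb in links:
        autos = [(d, p) for d, p, m in ((a, pa, ma), (b, pb, mb)) if m == "auto"]
        adj.setdefault(a, []).append((b, autos))
        adj.setdefault(b, []).append((a, autos))
    queue, seen = deque([(client, [])]), {client}
    while queue:
        dev, crossed = queue.popleft()
        if dev == server:
            return crossed
        for nxt, autos in adj.get(dev, []):
            if nxt not in seen:
                seen.add(nxt)
                queue.append((nxt, crossed + autos))
    return None  # client cannot reach the server

def audit(links, shared, clients, server):
    """Collect findings for both rules as human-readable strings."""
    out = [f"{sw} port {p}: Auto faces a hub or switch; set Force-authorized"
           for sw, p in auto_ports_facing_shared(links, shared)]
    for c in clients:
        crossed = auto_ports_on_path(links, c, server) or []
        if len(crossed) > 1:
            out.append(f"{c}: {len(crossed)} Auto ports before {server}: {crossed}")
    return out

if __name__ == "__main__":
    print("\n".join(audit(LINKS, SHARED, ["pc-1", "pc-2"], "radius-1")))
```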