Filter
Top Products
Chapter 60: 802.1x Port-based Network Access Control
864
Overview
This chapter explains 802.1x port-based network access control. This port
security feature lets you control who can send traffic through and receive
traffic from the individual switch ports. The switch does not allow an end
node to send or receive traffic through a port until the user of the node has
been authenticated by a RADIUS server.
This feature is used to prevent unauthorized individuals from connecting a
computer to a switch port or using an unattended workstation to access
your network resources. Only those users designated as valid network
users on a RADIUS server are permitted to use the switch to access the
network.
This port security method uses the RADIUS authentication protocol. The
management software of the switch includes RADIUS client software. If
you have already read Chapter 88, “RADIUS and TACACS+ Clients” on
page 1361, then you know that you can also use the RADIUS client
software on the switch, along with a RADIUS server on your network, to
create new remote manager accounts.
Note
RADIUS with Extensible Authentication Protocol (EAP) extensions
is the only supported authentication protocol for 802.1x port-based
network access control. This feature is not supported with the
TACACS+ authentication protocol.
Here are several terms to keep in mind when using this feature.
Supplicant - A supplicant is an end user or end node that wants to
access the network through a switch port. A supplicant is also
referred to as a client.
Authenticator - The authenticator is a port that prohibits network
access until a supplicant has logged on and been validated by the
RADIUS server.
Authentication server - The authentication server is the network
device that has the RADIUS server software. This is the device
that does the actual authenticating of the supplicants.
The switch does not authenticate any supplicants connected to its ports.
Its function is to act as an intermediary between the supplicants and the
authentication server during the authentication process.