Filter
Top Products
AT-9000 Switch Command Line User’s Guide
867
Authentication Methods for Authenticator Ports
Authenticator ports support two authentication methods:
802.1x username and password combination
This authentication mode requires that the supplicants be assigned
unique username and password combinations on the RADIUS
server. A supplicant must provide the information either manually
or automatically when initially passing traffic through an
authenticator port and during reauthentications. The 802.1x client
software on the supplicant either prompts the user for the
necessary information or provides the information automatically.
Assigning unique username and password combinations to your
network users and requiring the users to provide the information
when they initially send traffic through the switch can enhance
network security by limiting network access to only those
supplicants who have been assigned valid combinations. Another
advantage is that the authentication is not tied to any specific
computer or node. An end user can log on from any system and
still be verified by the RADIUS server as a valid user of the switch
and network.
This authentication method requires 802.1x client software on the
supplicant nodes.
MAC address-based authentication
An alternative method is to use the MAC address of a node as the
username and password combination for the device. The client is
not prompted for this information. Rather, the switch extracts the
source MAC address from the initial frames received from a node
and automatically sends it as both the username and password of
the node to the RADIUS server for authentication.
The advantage to this approach is that the supplicant need not
have 802.1x client software. The disadvantage is that because the
client is not prompted for a username and password combination, it
does not guard against an unauthorized individual from gaining
access to the network through an unattended network node or by
counterfeiting a valid network MAC address.