Allied Telesis AT-9000/28POE Switch User Manual


Chapter 60: 802.1x Port-based Network Access Control
General Steps
Here are the general steps for implementing 802.1x Port-based Network
Access Control and RADIUS accounting on the switch:
1. You must install a RADIUS server on one or more of your network
servers or management stations. Authentication protocol server
software is not available from Allied Telesis. Funk Software
Steel-Belted Radius and Free Radius have been verified as fully
compatible with the switch’s management software.
Note
This feature is not supported with the TACACS+ authentication
protocol.
2. You must create supplicant accounts on the RADIUS server:
   - An account for a supplicant connected to an authenticator port set
     to the 802.1x authentication mode must have a username and
     password combination. The maximum username length is 38
     alphanumeric characters and spaces, and the maximum length for
     a password is 16 alphanumeric characters and spaces.
   - An account for a supplicant connected to an authenticator port set
     to the MAC address-based authentication mode must use the
     MAC address of the node as both the username and password.
     When entering the MAC address, do not use spaces or colons (:).
3. Clients connected to an authenticator port set to the 802.1x
authentication method will need 802.1x client software. Microsoft
WinXP client software and Meeting House Aegis client software have
been verified as fully compatible with the switch’s management
software. (802.1x client software is not required when an authenticator
port is set to the MAC address-based authentication method.)
4. You must configure the RADIUS client on the switch by entering the IP
addresses and encryption keys of the authentication servers on your
network.
5. You must configure the port access control settings on the switch. This
involves the following:
   - Specifying the port roles.
   - Configuring 802.1x port parameters.
   - Enabling 802.1x Port-based Network Access Control.
6. To monitor the clients with RADIUS accounting, you must configure
the service on the switch.
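
The account rules in step 2 can be checked before the accounts are loaded into the RADIUS server. The following is an added example, not part of the Allied Telesis manual: it validates 802.1x-mode credentials against the stated length limits and builds entries in the FreeRADIUS `users` file syntax for MAC address-based ports. The function names, the sample MAC addresses, the stripping of hyphens and dots, and the letter case of the MAC string are assumptions of this example; the manual states only that spaces and colons must not be used.

```python
import re

MAX_USER_LEN = 38   # manual: maximum 802.1x username length
MAX_PASS_LEN = 16   # manual: maximum 802.1x password length
_ALNUM_SPACE = re.compile(r"[A-Za-z0-9 ]+")
_HEX12 = re.compile(r"[0-9A-Fa-f]{12}")

def check_dot1x_account(username, password):
    """Return a list of problems for an 802.1x-mode account (empty list = OK)."""
    problems = []
    for label, value, limit in (("username", username, MAX_USER_LEN),
                                ("password", password, MAX_PASS_LEN)):
        if not value:
            problems.append(f"{label} is empty")
        elif len(value) > limit:
            problems.append(f"{label} is {len(value)} characters, limit is {limit}")
        if value and not _ALNUM_SPACE.fullmatch(value):
            problems.append(f"{label} has characters other than letters, digits and spaces")
    return problems

def mac_credential(mac, upper=False):
    """Reduce a MAC address to 12 hex digits for use as username and password."""
    # The manual forbids spaces and colons. Removing '-' and '.' as well, and
    # the case selected by `upper`, are assumptions; confirm the form the
    # switch sends by reading an Access-Request in the RADIUS server log.
    bare = re.sub(r"[\s:.\-]", "", mac)
    if not _HEX12.fullmatch(bare):
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return bare.upper() if upper else bare.lower()

def users_file_entry(username, password):
    """Format one check line in the FreeRADIUS `users` file syntax."""
    return f'"{username}" Cleartext-Password := "{password}"'

def mac_entries(macs, upper=False):
    """Build entries for MAC address-based ports: MAC is both name and password."""
    creds = [mac_credential(m, upper) for m in macs]
    return [users_file_entry(c, c) for c in creds]

if __name__ == "__main__":
    # Constructed sample inventory, not taken from the manual.
    for line in mac_entries(["00:0C:29:AB:CD:EF", "00-0c-29-12-34-56"]):
        print(line)
    print(check_dot1x_account("lab printer 3", "a password that is too long"))
```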