Dell 28xx Network Router User Manual


 
Update with your book title 95
7
Configuring Device Switching
This section provides all system operation and general information for configuring network security,
ports, Address tables, GARP, VLANs, Spanning Tree, Port Aggregation, and Multicast Support.
Configuring Network Security
The device enables network security through both Access Control Lists and Locked Ports.
Port Based Authentication (802.1x)
Port based authentication enables authenticating system users on a per-port basis via a external
server. Only authenticated and approved system users can transmit and receive data. Ports are
authenticated via the RADIUS server using the Extensible Authentication Protocol (EAP). Port
Authentication includes:
Authenticators
— Specifies the port that is authenticated before permitting system access.
Supplicants
— Specifies host connected to the authenticated port requesting to access the system
services.
Authentication Server
— Specifies the external server, for example, the RADIUS server that
performs the authentication on behalf of the authenticator, and indicates whether the user is
authorized to access system services.
Port based authentication creates two access states:
Controlled Access
— Permits communication between the user and the system, if the user is
authorized.
Uncontrolled Access
— Permits uncontrolled communication regardless of the port state.
The device currently supports Port Based Authentication via RADIUS servers.
Advanced Port Based Authentication
Advanced Port Based Authentication enables multiple hosts to be attached to a single port.
Advanced Port Based Authentication requires only one host to be authorized for all hosts to have
system access. If the port is unauthorized all attached hosts are denied access to the network.
Advanced Port Based Authentication also enables user based authentication. Specific VLANs in the
device are always available, even if specific ports attached to the VLAN are unauthorized. For
example, Voice over IP does not require authentication, while data traffic requires authentication.
VLANs for which authorization is not required can be defined. Unauthenticated VLANs are
available to users, even if the ports attached to the VLAN are defined as authorized.