GarrettCom MNS-6K 4.1.4 Switch User Manual


 
Chapter
8
8 – Access Using RADIUS
Using a RADIUS server to authenticate access….
his feature is available in MNS-6K-SECURE only. The IEEE 802.1x standard, Port Based
Network Access Control, defines a mechanism for port-based network access control that
makes use of the physical access characteristics of IEEE 802 LAN infrastructure. It
provides a means of authenticating and authorizing devices attached to LAN ports that
have point-to-point connection characteristics. It also prevents access to that port in cases
where the authentication and authorization fails. Although 802.1x is mostly used in
wireless networks, this protocol is also implemented in LANs. The Magnum 6K family of
switches implements the authenticator, which is a major component of 802.1x.
T
R
R
ADIUS
emote Authentication Dial-In User Service or RADIUS is a server that has been
traditionally used by many Internet Service Providers (ISP) as well as Enterprises to
authenticate dial in users. Today, many businesses use the RADIUS server for authenticating
users connecting into a network. For example, if a user connects a PC into the network,
whether the PC should be allowed access or not provides the same issues as to whether or
not a dial in user should be allowed access into the network or not. A user has to provide a
user name and password for authenticated access. A RADIUS server is well suited for
controlling access into a network by managing the users who can access the network on a
RADIUS server. Interacting with the server and taking corrective action(s) is not possible on
all switches. This capability is provided on the Magnum 6K family of switches.
j
RADIUS servers and its uses are also described by one or more RFCs.
802.1x
There are three major components of 802.1x: - Supplicant, Authenticator and
Authentication Server (RADIUS Server). In the figure below, the PC acts as the
supplicant. The supplicant is an entity being authenticated and desiring access to the
services. The switch is the authenticator. The authenticator enforces authentication before
allowing access to services that are accessible via that port. The authenticator is
responsible for communication with the supplicant and for submitting the information
106