Support User Manuals

GarrettCom MNS-6K-SECURE 14.1.4 Switch User Manual

Open as PDF

of 364

Chapter

8

8 – Access Using RADIUS

Using a RADIUS server to authenticate access….

his feature is available in MNS-6K-SECURE only. The IEEE 802.1x standard, Port Based

Network Access Control, defines a mechanism for port-based network access control that

makes use of the physical access characteristics of IEEE 802 LAN infrastructure. It

provides a means of authenticating and authorizing devices attached to LAN ports that

have point-to-point connection characteristics. It also prevents access to that port in cases

where the authentication and authorization fails. Although 802.1x is mostly used in

wireless networks, this protocol is also implemented in LANs. The Magnum 6K family of

switches implements the authenticator, which is a major component of 802.1x.

T

R

R

ADIUS

emote Authentication Dial-In User Service or RADIUS is a server that has been

traditionally used by many Internet Service Providers (ISP) as well as Enterprises to

authenticate dial in users. Today, many businesses use the RADIUS server for authenticating

users connecting into a network. For example, if a user connects a PC into the network,

whether the PC should be allowed access or not provides the same issues as to whether or

not a dial in user should be allowed access into the network or not. A user has to provide a

user name and password for authenticated access. A RADIUS server is well suited for

controlling access into a network by managing the users who can access the network on a

RADIUS server. Interacting with the server and taking corrective action(s) is not possible on

all switches. This capability is provided on the Magnum 6K family of switches.

j

RADIUS servers and its uses are also described by one or more RFCs.

802.1x

There are three major components of 802.1x: - Supplicant, Authenticator and

Authentication Server (RADIUS Server). In the figure below, the PC acts as the

supplicant. The supplicant is an entity being authenticated and desiring access to the

services. The switch is the authenticator. The authenticator enforces authentication before

allowing access to services that are accessible via that port. The authenticator is

responsible for communication with the supplicant and for submitting the information

106

previous next