ES-2024 Series User’s Guide
Chapter 16 Port Authentication 112
CHAPTER 16
Port Authentication
This chapter describes the 802.1x authentication method and RADIUS server connection
setup. See Chapter 30 on page 182 for information on how to use the commands to configure
additional RADIUS server settings as well as multiple RADIUS server configuration.
16.1 Port Authentication Overview
IEEE 802.1x is an extended authentication protocol
2
that allows support of RADIUS (Remote
Authentication Dial In User Service, RFC 2138, 2139) for centralized user profile and
accounting management on a network RADIUS server.
16.1.1 RADIUS
RADIUS (Remote Authentication Dial-In User Service) authentication is a popular protocol
used to authenticate users by means of an external server instead of (or in addition to) an
internal device user database that is limited to the memory capacity of the device. In essence,
RADIUS authentication allows you to validate an unlimited number of users from a central
location.
Figure 49 RADIUS Server
16.1.1.1 Vendor Specific Attribute
A Vendor Specific Attribute (VSA) is an attribute-value pair that is sent between a RADIUS
server and the switch. Configure VSAs on the RADIUS sever to set the switch to perform the
following actions on an authenticated user:
• Limit bandwidth on incoming or outgoing traffic
• Assign account privilege levels
2. At the time of writing, only Windows XP of the Microsoft operating systems supports it. See the Microsoft web site
for information on other Windows operating system support. For other operating systems, see its documentation.
If your operating system does not support 802.1x, then you may need to install 802.1x client software.