Owner manual
Table Of Contents
- Contents
- Figures
- Tables
- Preface
- Section I
- Basic Operations
- Chapter 1
- Overview
- Chapter 2
- Enhanced Stacking
- Chapter 3
- SNMPv1 and SNMPv2c
- Chapter 4
- MAC Address Table
- Chapter 5
- Static Port Trunks
- Chapter 6
- LACP Port Trunks
- Chapter 7
- Port Mirror
- Section II
- Advanced Operations
- Chapter 8
- File System
- Chapter 9
- Event Logs and the Syslog Client
- Chapter 10
- Classifiers
- Chapter 11
- Access Control Lists
- Chapter 12
- Class of Service
- Chapter 13
- Quality of Service
- Chapter 14
- Denial of Service Defenses
- Chapter 15
- Power Over Ethernet
- Section III
- Snooping Protocols
- Chapter 16
- IGMP Snooping
- Chapter 17
- MLD Snooping
- Chapter 18
- RRP Snooping
- Chapter 19
- Ethernet Protection Switching Ring Snooping
- Section IV
- SNMPv3
- Chapter 20
- SNMPv3
- Section V
- Spanning Tree Protocols
- Chapter 21
- Spanning Tree and Rapid Spanning Tree Protocols
- Chapter 22
- Multiple Spanning Tree Protocol
- Section VI
- Virtual LANs
- Chapter 23
- Port-based and Tagged VLANs
- Chapter 24
- GARP VLAN Registration Protocol
- Chapter 25
- Multiple VLAN Modes
- Chapter 26
- Protected Ports VLANs
- Chapter 27
- MAC Address-based VLANs
- Section VII
- Routing
- Chapter 28
- Internet Protocol Version 4 Packet Routing
- Supported Platforms
- Overview
- Routing Interfaces
- Interface Names
- Static Routes
- Routing Information Protocol (RIP)
- Default Routes
- Equal-cost Multi-path (ECMP) Routing
- Routing Table
- Address Resolution Protocol (ARP) Table
- Internet Control Message Protocol (ICMP)
- Routing Interfaces and Management Features
- Local Interface
- AT-9408LC/SP AT-9424T/GB, and AT-9424T/SP Switches
- Routing Command Example
- Non-routing Command Example
- Upgrading from AT-S63 Version 1.3.0 or Earlier
- Chapter 29
- BOOTP Relay Agent
- Chapter 30
- Virtual Router Redundancy Protocol
- Section VIII
- Port Security
- Chapter 31
- MAC Address-based Port Security
- Chapter 32
- 802.1x Port-based Network Access Control
- Section IX
- Management Security
- Chapter 33
- Web Server
- Chapter 34
- Encryption Keys
- Chapter 35
- PKI Certificates and SSL
- Chapter 36
- Secure Shell (SSH)
- Chapter 37
- TACACS+ and RADIUS Protocols
- Chapter 38
- Management Access Control List
- Appendix A
- AT-S63 Management Software Default Settings
- Address Resolution Protocol Cache
- Boot Configuration File
- BOOTP Relay Agent
- Class of Service
- Denial of Service Defenses
- 802.1x Port-Based Network Access Control
- Enhanced Stacking
- Ethernet Protection Switching Ring (EPSR) Snooping
- Event Logs
- GVRP
- IGMP Snooping
- Internet Protocol Version 4 Packet Routing
- MAC Address-based Port Security
- MAC Address Table
- Management Access Control List
- Manager and Operator Account
- Multicast Listener Discovery Snooping
- Public Key Infrastructure
- Port Settings
- RJ-45 Serial Terminal Port
- Router Redundancy Protocol Snooping
- Server-based Authentication (RADIUS and TACACS+)
- Simple Network Management Protocol
- Simple Network Time Protocol
- Spanning Tree Protocols (STP, RSTP, and MSTP)
- Secure Shell Server
- Secure Sockets Layer
- System Name, Administrator, and Comments Settings
- Telnet Server
- Virtual Router Redundancy Protocol
- VLANs
- Web Server
- Appendix B
- SNMPv3 Configuration Examples
- Appendix C
- Features and Standards
- 10/100/1000Base-T Twisted Pair Ports
- Denial of Service Defenses
- Ethernet Protection Switching Ring Snooping
- Fiber Optic Ports (AT-9408LC/SP Switch)
- File System
- DHCP and BOOTP Clients
- Internet Protocol Multicasting
- Internet Protocol Version 4 Routing
- MAC Address Table
- Management Access and Security
- Management Access Methods
- Management Interfaces
- Management MIBs
- Port Security
- Port Trunking and Mirroring
- Spanning Tree Protocols
- System Monitoring
- Traffic Control
- Virtual LANs
- Virtual Router Redundancy Protocol
- Appendix D
- MIB Objects
- Index
Chapter 32: 802.1x Port-based Network Access Control
372 Section VIII: Port Security
If the clients are connected to an 802.1x-compliant device, such as
another AT-9400 Switch, you can automate the initial log on and
reauthentications by configuring one of the switch ports as a supplicant. In
this manner, the log on and reauthentications are performed
automatically, eliminating the need for relying on an individual to perform
the task. This scenario is illustrated in Figure 40.
Figure 40. Single Operating Mode with Multiple Clients Using the Piggy-
back Feature - Example 2
None of the workstations connected to switch B need to be authenticated
or require 802.1x client software when accessing switch A because the log
on to switch A and the subsequent reauthentications are performed
automatically by the supplicant port on switch B, which is connected to an
authenticator port on switch A with piggy-back mode enabled. It should be
noted, however, that in this particular scenario the clients have full access
to the resources of switch B even if the switch fails to log on or
reauthenticate to switch A.
The example in the next figure again illustrates two 802.1x-compliant
switches. The primary difference between this and the previous example
is that the clients in the previous example did not have to log on to access
switch B. In this example the clients have to log on to have any access at
all to the network.
AT-9400 Switch (A)
FAULT
RPS
MASTER
POWER
CLASS 1
LASER PRODUCT
STATUS
TERMINAL
PORT
1357911
2 4 6 8 10 12
13 15 17 19 21 23R
14 16 18 20 22 24R
AT-9424T/SP
Gigabit Ethernet Switch
1357911131517192123R
2 4 6 8 10 12 14 16 18 20 22 24R
23 24
L/A
D/C
D/C
L/A
D/C
L/A
1000 LINK / ACT
HDX /
COL
FDX
10/100 LINK / ACT
PORT ACTIVITY
L/A
1000 LINK / ACT
SFP
SFP
24
SFP
23
RADIUS
Authentication
Server
Port 6
Role: Authenticator
Operating Mode: Single
Piggy-back Mode: Enabled
Port 11
Role: Supplicant
Username: sales_switch
Password: wind4411
FAULT
RPS
MASTER
POWER
CLASS 1
LASER PRODUCT
STATUS
TERMINAL
PORT
1357911
2 4 6 8 10 12
13 15 17 19 21 23R
14 16 18 20 22 24R
AT-9424T/SP
Gigabit Ethernet Switch
1357911131517192123R
2 4 6 8 10 12 14 16 18 20 22 24R
23 24
L/A
D/C
D/C
L/A
D/C
L/A
1000 LINK / ACT
HDX /
COL
FDX
10/100 LINK / ACT
PORT ACTIVITY
L/A
1000 LINK / ACT
SFP
SFP
24
SFP
23
Client Ports:
Role: None
Unauthenticated
Clients
AT-9400 Switch (B)