User guide
Table Of Contents
- Contents
- Figures
- Tables
- Preface
- Section I
- Basic Operations
- Chapter 1
- Basic Switch Parameters
- Configuring the Switch’s Name, Location, and Contact
- Changing the Manager and Operator Passwords
- Setting the System Date and Time
- Rebooting a Switch
- Pinging a Remote System
- Returning the AT-S63 Management Software to the Factory Default Values
- Displaying the IP Address of the Local Interface
- Displaying System Information
- Chapter 2
- Port Parameters
- Chapter 3
- Enhanced Stacking
- Chapter 4
- SNMPv1 and SNMPv2c
- Chapter 5
- MAC Address Table
- Chapter 6
- Static Port Trunks
- Chapter 7
- Port Mirroring
- Section II
- Advanced Operations
- Chapter 8
- File System
- Chapter 9
- File Downloads and Uploads
- Chapter 10
- Event Logs and Syslog Client
- Chapter 11
- Classifiers
- Chapter 12
- Access Control Lists
- Chapter 13
- Class of Service
- Chapter 14
- Quality of Service
- Chapter 15
- Denial of Service Defenses
- Chapter 16
- IGMP Snooping
- Section III
- SNMPv3
- Chapter 17
- SNMPv3
- Configuring the SNMPv3 Protocol
- Enabling or Disabling SNMP Management
- Configuring the SNMPv3 User Table
- Configuring the SNMPv3 View Table
- Configuring the SNMPv3 Access Table
- Configuring the SNMPv3 SecurityToGroup Table
- Configuring the SNMPv3 Notify Table
- Configuring the SNMPv3 Target Address Table
- Configuring the SNMPv3 Target Parameters Table
- Configuring the SNMPv3 Community Table
- Displaying SNMPv3 Tables
- Section IV
- Spanning Tree Protocols
- Chapter 18
- Spanning Tree and Rapid Spanning Tree Protocols
- Chapter 19
- Multiple Spanning Tree Protocol
- Section V
- Virtual LANs
- Chapter 20
- Port-based and Tagged VLANs
- Chapter 21
- GARP VLAN Registration Protocol
- Section VI
- Port Security
- Chapter 22
- MAC Address-based Port Security
- Chapter 23
- 802.1x Port-based Network Access Control
- Section VII
- Management Security
- Chapter 24
- Encryption Keys, PKI, and SSL
- Chapter 25
- Secure Shell (SSH)
- Chapter 26
- TACACS+ and RADIUS Protocols
- Chapter 27
- Management Access Control List
- Index

AT-S63 Management Software Web Browser User’s Guide
Section VI: Port Security 359
Supplicant Mode
Sets the supplicant mode of an authenticator port. The possible
settings are:
Single: Configures the authenticator port to accept only one
authentication. This mode should be used together with the piggy-
back mode. When an authenticator port is set to the Single mode
and the piggy-back mode is disabled, only the one client who is
authenticated can use the port. Packets from or to other clients on
the port are discarded. If piggy-back mode is enabled, other clients
can piggy-back onto another client’s authentication and so be able
to use the port.
Multiple: Configures the port to accept up to 20 authentications.
Every client using an authenticator port in this mode must have a
username and password combination.
Port Control
The possible settings are:
Auto - Activates 802.1x port-based authentication and causes the port
to begin in the unauthorized state, allowing only EAPOL frames to be
sent and received through the port. The authentication process begins
when the link state of the port changes or the port receives an EAPOL-
Start packet from a supplicant. The switch requests the identity of the
client and begins relaying authentication messages between the client
and the authentication server. This is the default setting.
Force-authorized - Disables IEEE 802.1X port-based authentication
and causes the port to transition to the authorized state without any
authentication exchange required. The port transmits and receives
normal traffic without 802.1x-based authentication of the client.
Note
A supplicant connected to an authenticator port set to force-
authorized must have 802.1x client software if the port’s
authenticator mode is 802.1x. Though the force-authorized setting
prevents an authentication exchange, the supplicant must still have
the client software to forward traffic through the port.
Force-unauthorized - Causes the port to remain in the unauthorized
state, ignoring all attempts by the client to authenticate. The switch
cannot provide authentication services to the client through the
interface
Max Requests
Specifies the maximum number of times that the switch retransmits an
EAP Request packet to the client before it times out the authentication
session. The default value for this parameter is 2 retransmissions. The
range is 1 to 10 retransmissions.