User Guide

Authentication Server
An authentication server performs the actual authentication of the client. The authentication
server for the device is a RADIUS authentication server with EAP extensions.
Port Administrative Authentication States
The port administrative state determines whether the client is granted access to the network.
The port administrative state can be configured in the Port Authentication page. The following
values are available:
Force Authorized: Port authentication is disabled and the port transmits all traffic in
accordance with its static configuration without requiring any authentication. The switch
sends the 802.1x EAP packet with the EAP success message inside when it receives the
802.1x EAPOL-Start message. This is the default state.
Force Unauthorized: Port authentication is disabled and the port transmits all traffic via
the guest VLAN. The switch sends 802.1x EAP packets with EAP failure messages inside
when it receives 802.1x EAPOL-Start messages.
Auto: Enables 802.1x authentication in accordance with the configured port host mode
and the authentication methods configured on the port.
Port Host Modes
Ports can be placed in the following port host modes (configured in the Host Authentication page):
Multi-Host Mode
A port is authorized if there is at least one authorized client.
When a port is unauthorized and a guest VLAN is enabled, untagged traffic is remapped to
the guest VLAN. Tagged traffic is dropped unless it belongs to the guest VLAN.
When a port is authorized, untagged and tagged traffic from all hosts connected to the port is
bridged, based on the static VLAN membership port configuration.
You can specify that untagged traffic from the authorized port will be remapped to a
VLAN that is assigned by a RADIUS server during the authentication process. Tagged
traffic is dropped unless it belongs to the RADIUS-assigned VLAN. RADIUS VLAN
assignment on a port is set in the Port Authentication page.
Multi-Sessions Mode
Unlike multi-host mode, a port in multi-sessions mode does not have an authentication
status. The maximum number of authorized hosts allowed on the port is configured in the
Port Authentication page.
Tagged and untagged traffic from unauthorized hosts is remapped to the guest VLAN if it is
defined and enabled on the VLAN, or it is dropped if the guest VLAN is not enabled on the port.
If an authorized host is assigned a VLAN by a RADIUS server, all its tagged and untagged traffic
is bridged via the VLAN. If the VLAN is not assigned, all its traffic is bridged based on the static
VLAN membership port configuration.
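The forwarding rules for the two host modes above can be modeled as a single decision function, which makes the difference visible: in multi-host mode one authorized client opens the port for every attached host, while multi-sessions mode decides per host. This is an added example, not code from the device or this guide. The names Port, static_bridge and egress_vlan are hypothetical, and two behaviors are assumptions because the guide does not state them: static VLAN membership is modeled as a PVID for untagged frames plus a list of member VLANs, and an unauthorized multi-host port with no guest VLAN drops traffic.

```python
# Added illustration: a model of the forwarding rules in this section, not device firmware.
from dataclasses import dataclass
from typing import FrozenSet, Optional

DROP = None  # returned when the frame is discarded

@dataclass(frozen=True)
class Port:
    mode: str                          # "multi-host" or "multi-sessions"
    pvid: int                          # assumed: VLAN for untagged frames (static config)
    static_vlans: FrozenSet[int]       # assumed: VLANs the port is a static member of
    guest_vlan: Optional[int] = None   # None = guest VLAN not enabled
    radius_vlan: Optional[int] = None  # multi-host: VLAN assigned by RADIUS, if any

def static_bridge(port, tag):
    """Bridge per static VLAN membership (assumed semantics: PVID / member list)."""
    if tag is None:
        return port.pvid
    return tag if tag in port.static_vlans else DROP

def egress_vlan(port, tag, src_authorized, any_authorized, host_radius_vlan=None):
    """Return the VLAN a frame is bridged into, or DROP.

    tag: 802.1Q VLAN ID of the frame, None if untagged.
    src_authorized: has the sending host itself authenticated?
    any_authorized: has at least one client on the port authenticated?
    host_radius_vlan: multi-sessions only, the VLAN RADIUS assigned to this host.
    """
    if port.mode not in ("multi-host", "multi-sessions"):
        raise ValueError("unknown host mode: " + port.mode)
    if port.mode == "multi-host":
        # Port-level state: the sender's own authentication status is not consulted.
        if any_authorized:
            if port.radius_vlan is not None:
                # Untagged is remapped; tagged must already match the RADIUS VLAN.
                return port.radius_vlan if tag in (None, port.radius_vlan) else DROP
            return static_bridge(port, tag)
        if port.guest_vlan is None:
            return DROP  # assumption: the guide does not cover this case
        return port.guest_vlan if tag in (None, port.guest_vlan) else DROP
    # multi-sessions: decided per host; the port has no authentication status.
    if src_authorized:
        if host_radius_vlan is not None:
            return host_radius_vlan  # all tagged and untagged traffic of this host
        return static_bridge(port, tag)
    return port.guest_vlan  # None (DROP) when the guest VLAN is not enabled
```

Calling egress_vlan with src_authorized=False and any_authorized=True on a multi-host port returns the static VLAN, whereas the same call on a multi-sessions port returns the guest VLAN or a drop.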