3Com 3C17300A Implementation Guide - Page 80

80 CHAPTER 10: MAKING YOUR NETWORK SECURE This mode can only be considered totally secure if the Rada based authentication is configured to deny access to secure network resources, and where 802.1X Network Login does not share a port (that is not via a hub). What is Network Login? Network Login controls user access at the network edge by blocking or unblocking access on a per-port basis. When a client device attempts to connect to a Switch port, the user is challenged to provide their identity and authentication credentials in the form of a user name and password. The user information is then sent to a remote RADIUS server in the network for authentication. This information must be successfully authenticated and authorized before the client device is granted access to the network. For further information about RADIUS, see "What is RADIUS?" on page 85. The client device must be directly connected to the Switch port (no intervening switch or hub) as the Switch uses the link status to determine if an authorized client device is connected. Network Login will not operate correctly if there is a "bridge" device between the client device and the Switch port, or if there are multiple client devices attached via a hub to the Switch port. In addition to providing protection against unauthorized network access, Network Login also allows the user of a port to be identified. This user identification information can be used for service accounting or billing, or to help network administrators resolve problems. Network Login is a feature that is particularly relevant in publicly accessible networks, such as education campuses or conference facilities, which often have limited control over physical access to areas with live network connections. Network Login is based on the IEEE Std 802.1X-2001, which defines a mechanism for user authentication for port-based network access control. For further information about Network Login, see "Auto VLAN Assignment" on page 83.