3Com 3C17300A Implementation Guide - Page 79
Rada Else Network Login Secure Network Login with Rada
![]() |
UPC - 662705493169
View all 3Com 3C17300A manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 79 highlights
Port Security 79 ■ Rada (Radius Authenticated Device Access) Rada (Radius Authenticated Device Access) provides a means of disabling access and where necessary the VLAN assignment based purely on central authentication of an End Station's MAC address. In practice this can be used to provide RADIUS-based security for network administrators who do not have 802.1X clients installed. Another application would be to isolate individual PCs that have been identified to contain viruses. This mode should not be considered a totally secure mode, as it can be bypassed by MAC-address spoofing. Rada can authenticate multiple MAC addresses on a single port, Network Login authentication is limited to a single device on each port. ■ Rada Else Network Login (Secure Network Login with Rada Override) This mode provides the secure login capability of 802.1X, and also offers an override capability based on MAC address. This mode is intended for use where 802.1X Network Login is the normal access mechanism, but a means of isolating hosts is still required - for example client virus isolation. This mode is intended to complement 802.1X network login, and can be used to authorise host access to any network resource. It can only be considered secure if the MAC-based authentication is configured to deny access to all secure network resources. It is intended to prevent access to secure network resources if a particular edge device is authorized by Rada (for example, if a PC is known to be infected by a virus) and placed on a seperate 'safe' VLAN. ■ Rada Or Network Login (Mixed Secure Network Login and Rada-based Network Access) This mode provides for both 802.1X and Rada authentication to be operated in parallel. It provides a migration path where a single port may be used by a number of devices at different times, only some of which support 802.1X. It also allows a single port configuration to be used throughout a switch, regardless of the type of device that is to be connected. For example this mode could be used in education, where a large and varied range of "student" PCs and devices can use Rada authentication, but permanent staff require a secure log-in to enhanced services.
![](/manual_guide/products/3com-3c17300a-implementation-guide-32708b8/79.png)