3Com 3C17300A Implementation Guide - Page 79




Port Security

■ Rada (Radius Authenticated Device Access)

Rada (Radius Authenticated Device Access) provides a means of disabling access, and where necessary the VLAN assignment, based purely on central authentication of an End Station's MAC address. In practice this can be used to provide RADIUS-based security for network administrators who do not have 802.1X clients installed. Another application would be to isolate individual PCs that have been identified to contain viruses.

This mode should not be considered a totally secure mode, as it can be bypassed by MAC-address spoofing.

Rada can authenticate multiple MAC addresses on a single port, whereas Network Login authentication is limited to a single device on each port.

■ Rada Else Network Login (Secure Network Login with Rada Override)

This mode provides the secure login capability of 802.1X, and also offers an override capability based on MAC address. This mode is intended for use where 802.1X Network Login is the normal access mechanism, but a means of isolating hosts is still required – for example client virus isolation.

This mode is intended to complement 802.1X network login, and can be used to authorise host access to any network resource. It can only be considered secure if the MAC-based authentication is configured to deny access to all secure network resources. It is intended to prevent access to secure network resources if a particular edge device is authorized by Rada (for example, if a PC is known to be infected by a virus) and placed on a separate ‘safe’ VLAN.

■ Rada Or Network Login (Mixed Secure Network Login and Rada-based Network Access)

This mode provides for both 802.1X and Rada authentication to be operated in parallel. It provides a migration path where a single port may be used by a number of devices at different times, only some of which support 802.1X. It also allows a single port configuration to be used throughout a switch, regardless of the type of device that is to be connected. For example, this mode could be used in education, where a large and varied range of “student” PCs and devices can use Rada authentication, but permanent staff require a secure log-in to enhanced services.
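
The condition stated for Rada Else Network Login (MAC-based authentication must deny access to all secure network resources) and the spoofing caveat for Rada can both be checked against the MAC records held on the RADIUS server. The following is an added example, not taken from the 3Com guide: the record model, function names, VLAN numbers and MAC addresses are constructed, and it assumes that a record without a VLAN assignment leaves the device on the port's default VLAN.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class MacEntry:
    """One MAC-authentication record on the RADIUS server (hypothetical model)."""
    mac: str              # MAC address in any common notation
    vlan: Optional[int]   # VLAN returned on accept; None = no VLAN assignment

def normalise_mac(mac: str) -> str:
    """Reduce 00-11-.., 00:11:.. or 0011.22.. notation to 12 lowercase hex digits."""
    digits = mac.lower().replace("-", "").replace(":", "").replace(".", "")
    if len(digits) != 12 or any(c not in "0123456789abcdef" for c in digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits

def audit_mac_entries(entries, secure_vlans, port_default_vlan):
    """Return (mac, vlan, reason) findings for MAC-only records that are unsafe."""
    findings, seen = [], {}
    for entry in entries:
        mac = normalise_mac(entry.mac)
        # Assumption: with no VLAN assignment the device stays on the port's VLAN.
        vlan = entry.vlan if entry.vlan is not None else port_default_vlan
        if vlan in secure_vlans:
            # A spoofable MAC is the only credential guarding this VLAN.
            findings.append((mac, vlan, "MAC-only authentication reaches a secure VLAN"))
        if mac in seen and seen[mac] != vlan:
            findings.append((mac, vlan, "same MAC listed with a different VLAN"))
        seen[mac] = vlan
    return findings

# Constructed sample data: VLAN numbers and MAC addresses are made up.
SECURE_VLANS = {10, 20}
SAFE_VLAN = 999
SAMPLE_ENTRIES = [
    MacEntry("00-11-22-33-44-55", SAFE_VLAN),   # isolated host on the 'safe' VLAN
    MacEntry("00:11:22:33:44:66", 10),          # device placed straight on a secure VLAN
    MacEntry("0011.2233.4477", None),           # no assignment, port default applies
    MacEntry("00:11:22:33:44:55", 10),          # first MAC again, in another notation
]

if __name__ == "__main__":
    for mac, vlan, reason in audit_mac_entries(SAMPLE_ENTRIES, SECURE_VLANS, 20):
        print(f"{mac} -> VLAN {vlan}: {reason}")
```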