D-Link DGS-1520 User Manual - Page 416
X, Extensible Authentication Protocol over LAN EAPOL packets between the Client and the Server.
View all D-Link DGS-1520 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 416 highlights
DGS-1520 Series Gigabit Ethernet Smart Managed Switch Web UI Reference Guide Click the Add button to add a new entry based on the information entered. Click the Delete button to remove a new entry based on the information entered. Click the Clear by Port button to clear the information based on the port selected. Click the Clear by MAC button to clear the information based on the MAC address entered. Click the Clear All button to clear all the information in this table. Enter a page number and click the Go button to navigate to a specific page when multiple pages exist. 802.1X 802.1X (Port-based and Host-based Access Control) The IEEE 802.1X standard is a security measure for authorizing and authenticating users to gain access to various wired or wireless devices on a specified Local Area Network by using a Client and Server based access control model. This is accomplished by using a RADIUS server to authenticate users trying to access a network by relaying Extensible Authentication Protocol over LAN (EAPOL) packets between the Client and the Server. The following figure represents a basic EAPOL packet: Figure 9-4 The EAPOL Packet Utilizing this method, unauthorized devices are restricted from connecting to a LAN through a port to which the user is connected. EAPOL packets are the only traffic that can be transmitted through the specific port until authorization is granted. The 802.1X access control method has three roles, each of which are vital to creating and up keeping a stable and working Access Control security method. Figure 9-5 The three roles of 802.1X The following section will explain the three roles of Client, Authenticator, and Authentication Server in greater detail. Authentication Server The Authentication Server is a remote device that is connected to the same network as the Client and Authenticator, must be running a RADIUS Server program and must be configured properly on the Authenticator (Switch). Clients connected to a port on the Switch must be authenticated by the Authentication Server (RADIUS) before attaining any 406