Dell PowerConnect 5212 Addendum to the User's Guide - Page 7

IEEE 802.1x Port Authentication - guide

Page 7 highlights

Y1836bk0.book Page 5 Tuesday, July 15, 2003 12:55 PM

This document provides information to update your Dell™ PowerConnect™ 5212 User's Guide. The information in this document supersedes that in the User's Guide.

IEEE 802.1x Port Authentication

The IEEE 802.1x standard defines a port-based access control procedure that prevents unauthorized access to a network by requiring users to first enter a user ID and password for authentication. Access to all switch ports in a network can be centrally controlled from a server, which means that authorized users can use a single user ID and password for authentication from any point within the network.

NOTE: Currently only Remote Authentication Dial In User Service (RADIUS) servers and MD5 authentication are supported in the 802.1x implementation.

This switch uses the Extensible Authentication Protocol over LANs (EAPOL) with MD5 authentication to exchange authentication protocol messages with the client, and a remote login authentication server (that is, RADIUS) to verify user identity and access rights. When a client (that is, supplicant) connects to a switch port, the switch (that is, authenticator) responds with an identity request. The client provides its identity (a configured user ID) to the switch, which forwards it to the authentication server. The authentication server verifies the client identity and sends this information back to the switch. The switch then issues an MD5 access challenge to the client, and the client returns an MD5 response to the switch based on its user ID and password. If authentication is successful, the switch allows the client to access the network. Otherwise, network access is denied and the port remains blocked.

NOTE: The supplicant must use 802.1x client software for authentication to be possible. The Microsoft® Windows® XP operating system supports a native supplicant, but other operating systems require an add-in software module to support the 802.1x service.
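The exchange described above, as an added example that is not part of the Dell guide or the switch firmware: it builds and parses the EAPOL frames for the identity request, the MD5 challenge and the MD5 response, using the standard EAP-MD5 hash MD5(Identifier || password || challenge). Assumptions: the RADIUS leg between switch and server is collapsed into a local comparison, and all function names, identifiers and sample credentials are constructed for illustration.

```python
import hashlib, hmac, os, struct

REQUEST, RESPONSE, SUCCESS, FAILURE = 1, 2, 3, 4   # EAP codes
IDENTITY, MD5_CHALLENGE = 1, 4                     # EAP types

def eapol(code, ident, eap_type=None, data=b""):
    """Build an EAPOL frame (version 1, type 0 = EAP-Packet) around one EAP packet."""
    body = b"" if eap_type is None else bytes([eap_type]) + data
    eap = struct.pack("!BBH", code, ident, 4 + len(body)) + body
    return struct.pack("!BBH", 1, 0, len(eap)) + eap

def parse(frame):
    """Return (code, identifier, eap_type, type_data); reject malformed frames."""
    if len(frame) < 8:
        raise ValueError("frame too short")
    _ver, ptype, length = struct.unpack("!BBH", frame[:4])
    code, ident, eap_len = struct.unpack("!BBH", frame[4:8])
    if ptype != 0 or length != len(frame) - 4 or eap_len != length:
        raise ValueError("malformed EAPOL EAP-Packet")
    if code in (SUCCESS, FAILURE):
        return code, ident, None, b""
    if eap_len < 5:
        raise ValueError("request/response without a type")
    return code, ident, frame[8], frame[9:]

def md5_response(ident, password, challenge):
    """CHAP-style value: MD5(EAP Identifier || password || challenge)."""
    return hashlib.md5(bytes([ident]) + password + challenge).digest()

def authenticate(user, typed_password, stored_password, challenge=None):
    """Walk the exchange; return (final EAP code, identity seen by the server)."""
    challenge = challenge or os.urandom(16)
    # Switch -> client: identity request. Client -> switch: configured user ID.
    _, ident, _, _ = parse(eapol(REQUEST, 1, IDENTITY))
    _, _, _, identity = parse(eapol(RESPONSE, ident, IDENTITY, user))
    # Switch -> client: MD5 challenge (Value-Size byte, then the value).
    req = eapol(REQUEST, 2, MD5_CHALLENGE, bytes([len(challenge)]) + challenge)
    _, ident, _, data = parse(req)
    seen = data[1:1 + data[0]]
    # Client -> switch: MD5 response computed from the password it holds.
    value = md5_response(ident, typed_password, seen)
    _, ident, _, data = parse(eapol(RESPONSE, ident, MD5_CHALLENGE, bytes([16]) + value))
    # Server recomputes the hash from its stored password; compare in constant time.
    expected = md5_response(ident, stored_password, challenge)
    ok = hmac.compare_digest(data[1:1 + data[0]], expected)
    return (SUCCESS if ok else FAILURE), identity
```

The password never crosses the wire; only the user ID, the challenge and the 16-byte hash do, which is why both the client and the RADIUS server must hold the same password.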
The operation of 802.1x on the switch requires the following:

• A switch with an assigned IP address.
• RADIUS authentication must be enabled on the switch and the IP address of the RADIUS server specified.
• Each switch port that will be used must be set to 802.1x Auto mode.
• Each client that needs to be authenticated must have 802.1x client software installed and be properly configured. The configuration includes specifying the client identity (user ID) and the password, as well as selecting MD5 as the authentication method.
• An accessible and functioning RADIUS server.

A new page, 802.1x, has been added to the System/Switch menu. This page provides links to the following pages:

• 802.1x Port Configuration
• 802.1x Statistics
