Dell PowerConnect 5212 Addendum to the User's Guide - Page 7
IEEE 802.1x Port Authentication - guide
View all Dell PowerConnect 5212 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 7 highlights
Y1836bk0.book Page 5 Tuesday, July 15, 2003 12:55 PM This document provides information to update your Dell™ PowerConnect™ 5212 User's Guide. The information in this document supersedes that in the User's Guide. IEEE 802.1x Port Authentication The IEEE 802.1x standard defines a port-based access control procedure that prevents unauthorized access to a network by requiring users to first enter a user ID and password for authentication. Access to all switch ports in a network can be centrally controlled from a server, which means that authorized users can use a single user ID and password for authentication from any point within the network. NOTE: Currently only Remote Authentication Dial In User Service (RADIUS) servers and MD5 authentication are supported in the 802.1x implementation. This switch uses the Extensible Authentication Protocol over LANs (EAPOL) with MD5 authentication to exchange authentication protocol messages with the client, and a remote login authentication server (that is, RADIUS) to verify user identity and access rights. When a client (that is, supplicant) connects to a switch port, the switch (that is, authenticator) responds with an identity request. The client provides its identity (a configured user ID) to the switch, which it forwards to the authentication server. The authentication server verifies the client identity and sends this information back to the switch. The switch then issues an MD5 access challenge to the client, and the client returns an MD5 response to the switch based on its user ID and password. If authentication is successful, the switch allows the client to access the network. Otherwise, network access is denied and the port remains blocked. NOTE: The supplicant must use 802.1x client software for authentication to be possible. The Microsoft® Windows® XP operating system supports a native supplicant, but other operating systems require an add-in software module to support the 802.1x service. The operation of 802.1x on the switch requires the following: • A switch with an assigned IP address. • RADIUS authentication must be enabled on the switch and the IP address of the RADIUS server specified. • Each switch port that will be used must be set to 802.1x Auto mode. • Each client that needs to be authenticated must have 802.1x client software installed and be properly configured. The configuration includes specifying the client identity (user ID) and the password, as well as selecting MD5 as the authentication method. • An accessible and functioning RADIUS server. A new page, 802.1x, has been added to the System/Switch menu. This page provides links to the following pages: • 802.1x Port Configuration • 802.1x Statistics Documentation Update 5