Dell PowerConnect M6220 Configuration Guide - Page 85

Device Security, 802.1x Network Access Control



5 Device Security
This section describes configuration scenarios for the following features:
• "802.1x Network Access Control" on page 85
• "802.1X Authentication and VLANs" on page 88
• "Authentication Server Filter Assignment" on page 90
• "Access Control Lists (ACLs)" on page 90
• "RADIUS" on page 97
• "TACACS+" on page 100
802.1x Network Access Control
Port-based network access control allows the operation of a system’s port(s) to be controlled to
ensure that access to its services is permitted only by systems that are authorized to do so.
Port Access Control provides a means of preventing unauthorized access by supplicants or users to
the services offered by a system. Control over the access to a switch and the LAN to which it is
connected can be desirable in order to restrict access to publicly accessible bridge ports or
departmental LANs.
The PowerConnect 6200 Series switch achieves access control by enforcing authentication of
supplicants that are attached to an authenticator’s controlled ports. The result of the authentication
process determines whether the supplicant is authorized to access services on that controlled port.
A PAE (Port Access Entity) can adopt one of two roles within an access control interaction:
• Authenticator – Port that enforces authentication before allowing access to services available via
that Port.
• Supplicant – Port that attempts to access services offered by the Authenticator.
Additionally, there exists a third role:
• Authentication server – Server that performs the authentication function necessary to check the
credentials of the supplicant on behalf of the Authenticator.
Completion of an authentication exchange requires all three roles. The PowerConnect 6200 Series
switch supports the authenticator role only, in which the PAE is responsible for communicating with
the supplicant. The authenticator PAE is also responsible for submitting information received from
the supplicant to the authentication server in order for the credentials to be checked, which
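
The authenticator's relay step described above, as an added Python example that is not from the Dell guide: it unwraps the EAP packet from a supplicant's EAPOL frame and forwards it to the authentication server in a RADIUS Access-Request. It assumes RADIUS with the RFC 3579 EAP-Message and Message-Authenticator attributes; the sample frame, identity and shared secret are constructed.

```python
import hashlib
import hmac
import os
import struct

EAPOL_EAP_PACKET = 0  # EAPOL packet type 0 carries an EAP packet
EAP_RESPONSE, EAP_TYPE_IDENTITY = 2, 1
RADIUS_ACCESS_REQUEST = 1
ATTR_USER_NAME, ATTR_EAP_MESSAGE, ATTR_MESSAGE_AUTHENTICATOR = 1, 79, 80

def eap_from_eapol(frame):
    """Strip the 4-byte EAPOL header (version, type, body length)."""
    if len(frame) < 4:
        raise ValueError("truncated EAPOL header")
    _version, ptype, length = struct.unpack("!BBH", frame[:4])
    if ptype != EAPOL_EAP_PACKET or len(frame) < 4 + length:
        raise ValueError("not a complete EAPOL EAP-Packet frame")
    return frame[4:4 + length]  # drops any Ethernet padding after the body

def identity_from_eap(eap):
    """Return the identity string from an EAP-Response/Identity packet."""
    if len(eap) < 5:
        raise ValueError("truncated EAP packet")
    code, _ident, length, etype = struct.unpack("!BBHB", eap[:5])
    if (code, etype) != (EAP_RESPONSE, EAP_TYPE_IDENTITY) or not 5 <= length <= len(eap):
        raise ValueError("not an EAP-Response/Identity")
    return eap[5:length].decode("utf-8")

def attr(atype, value):
    """Encode one RADIUS attribute; the length byte covers the 2-byte header."""
    return struct.pack("!BB", atype, len(value) + 2) + value

def build_access_request(eap, secret, ident, req_auth=None):
    """Wrap the supplicant's EAP packet in a RADIUS Access-Request."""
    req_auth = req_auth or os.urandom(16)
    attrs = attr(ATTR_USER_NAME, identity_from_eap(eap).encode("utf-8"))
    for i in range(0, len(eap), 253):  # an attribute value holds at most 253 bytes
        attrs += attr(ATTR_EAP_MESSAGE, eap[i:i + 253])
    attrs += attr(ATTR_MESSAGE_AUTHENTICATOR, bytes(16))  # zeroed while the MAC is computed
    packet = struct.pack("!BBH", RADIUS_ACCESS_REQUEST, ident, 20 + len(attrs)) + req_auth + attrs
    mac = hmac.new(secret, packet, hashlib.md5).digest()
    return packet[:-16] + mac  # Message-Authenticator value is the last 16 bytes

# Constructed sample: EAP-Response/Identity for "alice" in an EAPOL frame with padding.
SAMPLE_EAP = struct.pack("!BBHB", 2, 7, 10, 1) + b"alice"
SAMPLE_EAPOL = struct.pack("!BBH", 1, 0, len(SAMPLE_EAP)) + SAMPLE_EAP + bytes(32)

if __name__ == "__main__":
    print(build_access_request(eap_from_eapol(SAMPLE_EAPOL), b"constructed-secret", 1).hex())
```

The Message-Authenticator attribute lets the authentication server reject Access-Requests that were not built by a device holding the shared secret.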