LevelOne GEP-5070 Manual - Page 87
CHAPTER 4 | Configuring the Switch
Configuring Security

◆ 802.1X / MAC-based authentication must be enabled globally for the switch.
◆ The Admin State for each switch port that requires client authentication must be set to 802.1X or MAC-based.
◆ When using 802.1X authentication:
  ■ Each client that needs to be authenticated must have dot1x client software installed and properly configured.
  ■ When using 802.1X authentication, the RADIUS server and 802.1X client must support EAP. (The switch only supports EAPOL in order to pass the EAP packets from the server to the client.)
  ■ The RADIUS server and client also have to support the same EAP authentication type - MD5, PEAP, TLS, or TTLS. (Native support for these encryption methods is provided in Windows 7, Windows Vista, Windows XP, and in Windows 2000 with Service Pack 4. To support these encryption methods in Windows 95 and 98, you can use the AEGIS dot1x client or other comparable client software.)

MAC-based authentication allows for authentication of more than one user on the same port, and does not require the user to have special 802.1X software installed on his system. The switch uses the client's MAC address to authenticate against the backend server. However, note that intruders can create counterfeit MAC addresses, which makes MAC-based authentication less secure than 802.1X authentication.

PATH
Advanced Configuration, Security, Network, NAS

USAGE GUIDELINES
When 802.1X is enabled, you need to configure the parameters for the authentication process that runs between the client and the switch (i.e., authenticator), as well as the client identity lookup process that runs between the switch and authentication server. These parameters are described in this section.

PARAMETERS
These parameters are displayed:

System Configuration
◆ Mode - Indicates if 802.1X and MAC-based authentication are globally enabled or disabled on the switch. If globally disabled, all ports are allowed to forward frames.
◆ Reauthentication Enabled - Sets clients to be re-authenticated after an interval specified by the Re-authentication Period. Re-authentication can be used to detect if a new device is plugged into a switch port. (Default: Disabled) For MAC-based ports, reauthentication is only useful if the RADIUS server configuration has changed. It does not involve communication
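
The requirement above that the RADIUS server and client support the same EAP type (MD5, PEAP, TLS, or TTLS) can be checked from EAPOL frames captured on an authenticating port. The following is an added example, not part of the LevelOne manual: the function names and sample frames are constructed for illustration, and the type numbers are the IANA EAP method numbers.

```python
import struct

# EAP method numbers (IANA EAP registry); the manual names MD5, PEAP, TLS, TTLS.
EAP_TYPES = {1: "Identity", 3: "Nak", 4: "MD5", 13: "TLS", 21: "TTLS", 25: "PEAP"}
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}

def parse_eapol(frame: bytes) -> dict:
    """Decode one Ethernet frame carrying EAPOL; raise ValueError if malformed."""
    if len(frame) < 18:
        raise ValueError("too short for Ethernet + EAPOL headers")
    ethertype, _version, ptype, body_len = struct.unpack("!HBBH", frame[12:18])
    if ethertype != 0x888E:
        raise ValueError("not an EAPOL frame")
    info = {"src_mac": frame[6:12].hex(":"), "eapol_type": ptype}
    if ptype != 0:  # 1 = EAPOL-Start, 2 = EAPOL-Logoff: no EAP packet inside
        return info
    eap = frame[18:18 + body_len]
    if len(eap) < 4 or len(eap) != body_len:
        raise ValueError("truncated EAP packet")
    code, ident, eap_len = struct.unpack("!BBH", eap[:4])
    if not 4 <= eap_len <= len(eap):
        raise ValueError("bad EAP length field")
    info.update(code=EAP_CODES.get(code, str(code)), id=ident)
    if code in (1, 2) and eap_len > 4:  # only Request/Response carry a Type byte
        info["method"] = EAP_TYPES.get(eap[4], f"type-{eap[4]}")
        if eap[4] == 3:  # Nak: the peer lists the methods it would accept instead
            info["wanted"] = [EAP_TYPES.get(t, f"type-{t}") for t in eap[5:eap_len]]
    return info

def audit(frames) -> list:
    """Flag EAP method mismatches (Nak) and use of EAP-MD5."""
    findings = []
    for p in map(parse_eapol, frames):
        if p.get("method") == "Nak":
            findings.append(f"{p['src_mac']} refused the offered method, wants {p['wanted']}")
        elif p.get("method") == "MD5":
            findings.append(f"{p['src_mac']} EAP-MD5 offered or used")
    return findings

def make_frame(src_mac_hex: str, eap: bytes) -> bytes:
    """Build a constructed sample frame addressed to the 802.1X PAE group MAC."""
    hdr = bytes.fromhex("0180c2000003") + bytes.fromhex(src_mac_hex)
    return hdr + struct.pack("!HBBH", 0x888E, 1, 0, len(eap)) + eap

# Constructed samples: authenticator offers MD5, supplicant answers Nak asking for PEAP.
SAMPLES = [
    make_frame("02aabbccdd01", struct.pack("!BBHBB", 1, 7, 22, 4, 16) + bytes(16)),
    make_frame("02aabbccdd02", struct.pack("!BBHBB", 2, 7, 6, 3, 25)),
]
```

Calling `audit(SAMPLES)` returns one finding per frame: the MD5 offer and the Nak in which the client asks for PEAP, which is the pattern seen when the server and client are configured for different EAP types.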