LevelOne GSW-4876 Manual - Page 96
RADIUS-Assigned QoS Enabled, Guest VLAN Enabled, Port State, Globally Disabled, Link Down, Authorized
View all LevelOne GSW-4876 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 96 highlights
CHAPTER 4 | Configuring the Switch Configuring Security The advantage of MAC-based authentication over port-based 802.1X is that several clients can be connected to the same port (e.g. through a 3rd party switch or a hub) and still require individual authentication, and that the clients don't need special supplicant software to authenticate. The advantage of MAC-based authentication over 802.1X-based authentication is that the clients don't need special supplicant software to authenticate. The disadvantage is that MAC addresses can be spoofed by malicious users - equipment whose MAC address is a valid RADIUS user can be used by anyone. Also, only the MD5-Challenge method is supported. The maximum number of clients that can be attached to a port can be limited using the Port Security Limit Control functionality. Further Guidelines for Port Admin State ■ Port Admin state can only be set to Force-Authorized for ports participating in the Spanning Tree algorithm (see page 135). ■ When 802.1X authentication is enabled on a port, the MAC address learning function for this interface is disabled, and the addresses dynamically learned on this port are removed from the common address table. ■ Authenticated MAC addresses are stored as dynamic entries in the switch's secure MAC address table. Configured static MAC addresses are added to the secure address table when seen on a switch port (see page 166). Static addresses are treated as authenticated without sending a request to a RADIUS server. ■ When port status changes to down, all MAC addresses are cleared from the secure MAC address table. Static VLAN assignments are not restored. ◆ RADIUS-Assigned QoS Enabled - Enables or disables this feature for a given port. Refer to the description of this feature under the System Configuration section. ◆ RADIUS-Assigned VLAN Enabled - Enables or disables this feature for a given port. Refer to the description of this feature under the System Configuration section. ◆ Guest VLAN Enabled - Enables or disables this feature for a given port. Refer to the description of this feature under the System Configure section. ◆ Port State - The current state of the port: ■ Globally Disabled - 802.1X and MAC-based authentication are globally disabled. (This is the default state.) ■ Link Down - 802.1X or MAC-based authentication is enabled, but there is no link on the port. ■ Authorized - The port is in Force Authorized mode, or a singlesupplicant mode and the supplicant is authorized. - 96 -