D-Link DGS-3312SR [66/290] Port access entity 802 x

DGS-3312SR Stackable Gigabit Layer 3 Switch
Port Access Entity (802.1X)
802.1x Port-Based and MAC-Based Access Control
The IEEE 802.1x standard is a security measure for authorizing and authenticating users to gain access to various wired or
wireless devices on a specified Local Area Network by using a Client and Server based access control model. This is
accomplished by using a RADIUS server to authenticate users trying to access a network by relaying Extensible
Authentication Protocol over LAN (EAPOL) packets between the Client and the Server. The following figure represents a
basic EAPOL packet:
Figure 4-12. The EAPOL Packet
Utilizing this method, unauthorized devices are restricted from connecting to a LAN through a port to which the user is
connected. EAPOL packets are the only traffic that can be transmitted through the specific port until authorization is
granted. The 802.1x Access Control method holds three roles, each of which is vital to creating and upkeeping a stable
and working Access Control security method.
Figure 4-13. The three roles of 802.1x
The following section will explain the three roles of Client, Authenticator and Authentication Server in greater detail.
Authentication Server
The Authentication Server is a remote device that must be running a RADIUS Server program and must be configured
properly on the Authenticator (Switch). Clients connected to a port on the Switch must be authenticated by the
Authentication Server (RADIUS) before attaining any services offered by the Switch on the LAN. The role of the
Authentication Server is to certify the identity of the Client attempting to access the network by exchanging secure
information between the RADIUS server and the Client through EAPOL packets and, in turn, informs the Switch whether
or not the Client is granted access to the LAN and/or the Switch's services.
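The EAPOL packet layout and the port rule described in this section (only EAPOL passes until authorization is granted) can be modelled as follows. This is an added example, not code from the manual or from D-Link; the function names and sample frames are constructed for illustration, and the model assumes untagged Ethernet frames and the packet types defined in IEEE 802.1X-2001/2004.

```python
import struct
from typing import NamedTuple, Optional

ETHERTYPE_EAPOL = 0x888E  # EtherType assigned to EAPOL (IEEE 802.1X)
EAPOL_TYPES = {0: "EAP-Packet", 1: "EAPOL-Start", 2: "EAPOL-Logoff",
               3: "EAPOL-Key", 4: "EAPOL-Encapsulated-ASF-Alert"}


class Eapol(NamedTuple):
    src: str        # Client (supplicant) MAC address
    version: int    # EAPOL protocol version
    type_name: str  # decoded packet type
    body: bytes     # packet body, e.g. the EAP message relayed to RADIUS


def parse_eapol(frame: bytes) -> Optional[Eapol]:
    """Return the parsed EAPOL header, or None if the frame is not valid EAPOL."""
    if len(frame) < 18:              # 14-byte Ethernet header + 4-byte EAPOL header
        return None
    ethertype, version, ptype, length = struct.unpack("!HBBH", frame[12:18])
    if ethertype != ETHERTYPE_EAPOL or ptype not in EAPOL_TYPES:
        return None
    if length > len(frame) - 18:     # declared body is longer than the frame
        return None
    src = ":".join(f"{b:02x}" for b in frame[6:12])
    # Bytes past the declared length are Ethernet padding and are ignored.
    return Eapol(src, version, EAPOL_TYPES[ptype], frame[18:18 + length])


def port_forwards(frame: bytes, authorized: bool) -> bool:
    """Simplified port rule: an unauthorized port passes only well-formed EAPOL."""
    return authorized or parse_eapol(frame) is not None


# Constructed sample frames (not captured traffic).
PAE_GROUP = bytes.fromhex("0180c2000003")  # 802.1X PAE group address
CLIENT = bytes.fromhex("020000000001")     # made-up locally administered MAC
EAPOL_START = PAE_GROUP + CLIENT + struct.pack("!HBBH", ETHERTYPE_EAPOL, 1, 1, 0)
IPV4_FRAME = b"\xff" * 6 + CLIENT + b"\x08\x00" + b"\x45" + b"\x00" * 19
TRUNCATED = PAE_GROUP + CLIENT + struct.pack("!HBBH", ETHERTYPE_EAPOL, 1, 0, 40)

if __name__ == "__main__":
    for name, f in [("EAPOL-Start", EAPOL_START), ("IPv4", IPV4_FRAME),
                    ("truncated EAP", TRUNCATED)]:
        print(name, "->", "forward" if port_forwards(f, False) else "drop")
```
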