D-Link DGS-3312SR [69/290] Port based network access control

DGS-3312SR Stackable Gigabit Layer 3 Switch
The D-Link implementation of 802.1x allows network administrators to choose between two types of Access Control used on the Switch, which are:
1. Port-Based Access Control – This method requires only one user to be authenticated per port by a remote RADIUS server to allow the remaining users on the same port access to the network.
2. MAC-Based Access Control – Using this method, the Switch will automatically learn up to three MAC addresses by port and set them in a list. Each MAC address must be authenticated by the Switch using a remote RADIUS server before being allowed access to the Network.
Understanding 802.1x Port-based and MAC-based Network Access Control
The original intent behind the development of 802.1X was to leverage the characteristics of point-to-point in LANs. As any single LAN segment in such infrastructures has no more than two devices attached to it, one of which is a Bridge Port. The Bridge Port detects events that indicate the attachment of an active device at the remote end of the link, or an active device becoming inactive. These events can be used to control the authorization state of the Port and initiate the process of authenticating the attached device if the Port is unauthorized. This is the Port-Based Network Access Control.
Port-Based Network Access Control
[Figure labels: 802.1X Client (nine instances), Network access controlled port, Network access uncontrolled port, RADIUS Server, Ethernet Switch]
Figure 4-18. Example of Typical Port-Based Configuration
Once the connected device has successfully been authenticated, the Port then becomes Authorized, and all subsequent
traffic on the Port is not subject to access control restriction until an event occurs that causes the Port to become
Unauthorized. Hence, if the Port is actually connected to a shared media LAN segment with more than one attached device,
successfully authenticating one of the attached devices effectively provides access to the LAN for all devices on the shared
segment. Clearly, the security offered in this situation is open to attack.
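The difference between the two modes on a shared segment can be shown with a small model. This is an added example, not D-Link firmware or code from the manual; the class and function names, the MAC addresses, the link-down reset and the handling of a fourth MAC are assumptions made for illustration.

```python
# Added illustration: a toy model of an 802.1X authenticator port, not D-Link firmware.
from dataclasses import dataclass, field

MAX_MACS_PER_PORT = 3  # "up to three MAC addresses by port" (from the text above)


@dataclass
class Port:
    mode: str                                    # "port" or "mac"
    authorized: bool = False                     # port-based: one flag per port
    learned: dict = field(default_factory=dict)  # mac-based: MAC -> RADIUS result

    def link_down(self) -> None:
        """Assumption: losing the attached device clears all authorization state."""
        self.authorized = False
        self.learned.clear()

    def authenticate(self, mac: str, radius_accept: bool) -> bool:
        """Apply one RADIUS result; return whether frames from mac now pass."""
        if self.mode == "port":
            if radius_accept:
                self.authorized = True
        elif mac in self.learned or len(self.learned) < MAX_MACS_PER_PORT:
            self.learned[mac] = radius_accept
        # Assumption: a MAC beyond the per-port limit is not learned and stays blocked.
        return self.forwards(mac)

    def forwards(self, src_mac: str) -> bool:
        """Would a frame from src_mac pass the controlled port?"""
        if self.mode == "port":
            return self.authorized               # source address is never consulted
        return self.learned.get(src_mac, False)


def shared_segment(mode: str) -> dict:
    """Constructed scenario: two hosts share one port, only one authenticates."""
    user, other = "00:00:5e:00:53:01", "00:00:5e:00:53:02"  # constructed MACs
    port = Port(mode)
    result = {"other_before": port.forwards(other)}
    result["user"] = port.authenticate(user, radius_accept=True)
    result["other_after"] = port.forwards(other)
    port.link_down()
    result["user_after_link_down"] = port.forwards(user)
    return result


if __name__ == "__main__":
    for mode in ("port", "mac"):
        print(mode, shared_segment(mode))
```

In port-based mode the second host is forwarded as soon as the first one authenticates; in MAC-based mode it stays blocked until its own address is authenticated.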