Moxa EDS-408A-1M2S-SC-T [75/109] Authentication certificate

Moxa Managed Ethernet Switches Featured Functions

3-63

Authentication Certificate

The switch offers two methods to encrypt the communication: SSL Certificate and SSH Key. You can only use

one of the encryption types at the same time. SSL (Secure Socket Layer) is mainly for web communication

security. It secures the data between two application points. SSH (Secure Shell) is a security protocol based on

the Application Layer and Transport Layer. It encrypts the data for security.

NOTE

The switch only support

s one type of the Authentication Certificate at a time.

Check the Authentication Certificate, and then click Activate to complete.

Using Port Access Control

The Moxa switch provides two kinds of Port-Based Access Control: Static Port Lock and IEEE 802.1X.

Static Port Lock

In this case, the Moxa switch can also be configured to protect static MAC addresses for a specific port. With the

Port Lock function, these locked ports will not learn any additional addresses, but only allow traffic from preset

static MAC addresses, helping to block hackers and careless usage.

IEEE 802.1X

The IEEE 802.1X standard defines a protocol for client/server-based access control and authentication. The

protocol restricts unauthorized clients from connecting to a LAN through ports that are open to the Internet,

and which otherwise would be readily accessible. The purpose of the authentication server is to check each

client that requests access to the port. The client is only allowed access to the port if the client’s permission is

authenticated.

Three components are used to create an authentication mechanism based on 802.1X standards:

Client/Supplicant, Authentication Server, and Authenticator.

Client/Supplicant: The end station that requests access to the LAN and switch services and responds to the

requests from the switch.

Authentication Server: The server that performs the actual authentication of the supplicant.

Authenticator: Edge switch or wireless access point that acts as a proxy between the supplicant and the

authentication server, requesting identity information from the supplicant, verifying the information with the

authentication server, and relaying a response to the supplicant.

The Moxa switch acts as an authenticator in the 802.1X environment. A supplicant and an authenticator

exchange EAPOL (Extensible Authentication Protocol over LAN) frames with each other. We can either use an

external RADIUS server as the authentication server, or implement the authentication server in the Moxa

switch by using a Local User Database as the authentication look-up table. When we use an external RADIUS