XS1930 Series User’s Guide
167
C
HAPTER
18
Port Authentication
18.1 Port Authentication Overview
This chapter describes the IEEE 802.1x and MAC authentication methods.
Port authentication is a way to validate access to ports on the Switch to clients based on an external
server (authentication server). The Switch supports the following methods for port authentication:
•
IEEE 802.1x
2
- An authentication server validates access to a port based on a username and
password provided by the user.
•
MAC Authentication
- An authentication server validates access to a port based on the MAC address
and password of the client.
Both types of authentication use the RADIUS (Remote Authentication Dial In User Service, RFC 2138,
2139) protocol to validate users. See
for more information on configuring your
RADIUS server settings.
Note: If you enable IEEE 802.1x authentication and MAC authentication on the same port, the
Switch performs IEEE 802.1x authentication first. If a user fails to authenticate via the IEEE
802.1x method, then access to the port is denied.
18.1.1 What You Can Do
• Use the
Port Authentication
screen (
) to display the links to the configuration
screens where you can enable the port authentication methods.
• Use the
802.1x
screen (
) to activate IEEE 802.1x security.
• Use the
MAC Authentication
) to activate MAC authentication.
18.1.2 What You Need to Know
IEEE 802.1x Authentication
The following figure illustrates how a client connecting to a IEEE 802.1x authentication enabled port goes
through a validation process. The Switch prompts the client for login information in the form of a user
name and password. When the client provides the login credentials, the Switch sends an authentication
request to a RADIUS server. The RADIUS server validates whether this client is allowed access to the port.
2.
At the time of writing, IEEE 802.1x is not supported by all operating systems. See your operating system
documentation. If your operating system does not support 802.1x, then you may need to install 802.1x client
software.