[Diagram labels: 802.1X Client (x9), Network access controlled port, Network access uncontrolled port, RADIUS Server, Ethernet Switch]
Figure 5 - 17. Example of Typical Port-based Configuration
Once the connected device has successfully been authenticated, the Port then becomes Authorized, and all
subsequent traffic on the Port is not subject to access control restriction until an event occurs that causes the Port to
become Unauthorized. Hence, if the Port is actually connected to a shared media LAN segment with more than one
attached device, successfully authenticating one of the attached devices effectively provides access to the LAN for all
devices on the shared segment. Clearly, the security offered in this situation is open to attack.
xStack
Figure 5 - 18. Example of Typical Host-based Configuration
In order to successfully make use of 802.1X in a shared media LAN segment, it would be necessary to create logical
Ports, one for each attached device that required access to the LAN. The Switch would regard the single physical Port
connecting it to the shared media segment as consisting of a number of distinct logical Ports, each logical Port being
independently controlled from the point of view of EAPOL exchanges and authorization state. The Switch learns each
attached device's individual MAC address, and effectively creates a logical Port that the attached device can then
use to communicate with the LAN via the Switch.
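The difference between the two configurations described above can be seen in a small model. This is an added illustration, not code from the manual or from the Switch firmware; the class and function names are hypothetical and the MAC addresses are constructed sample values.

```python
class AuthPort:
    """One physical switch port running 802.1X in one of the two modes."""

    def __init__(self, mode):
        if mode not in ("port-based", "host-based"):
            raise ValueError("mode must be 'port-based' or 'host-based'")
        self.mode = mode
        self.port_authorized = False   # port-based: one state for the whole port
        self.authorized_macs = set()   # host-based: one logical Port per MAC

    def eap_success(self, mac):
        """The RADIUS server accepted the client that uses this source MAC."""
        if self.mode == "port-based":
            self.port_authorized = True
        else:
            self.authorized_macs.add(mac)

    def deauthorize(self, mac):
        """An event that returns the (logical) Port to Unauthorized."""
        if self.mode == "port-based":
            self.port_authorized = False
        else:
            self.authorized_macs.discard(mac)

    def forwards(self, src_mac, is_eapol=False):
        """Decide whether a frame from src_mac is accepted on this port."""
        if is_eapol:
            return True  # uncontrolled port: EAPOL always reaches the Switch
        if self.mode == "port-based":
            return self.port_authorized  # source MAC is not consulted
        return src_mac in self.authorized_macs


def shared_segment_demo(mode):
    """Two devices share one physical port; only device A authenticates."""
    dev_a = "00:11:22:33:44:0a"  # constructed sample MAC
    dev_b = "00:11:22:33:44:0b"  # constructed sample MAC, never authenticates
    port = AuthPort(mode)
    result = {"b_before": port.forwards(dev_b)}
    port.eap_success(dev_a)
    result["a_after"] = port.forwards(dev_a)
    result["b_after"] = port.forwards(dev_b)  # True only in port-based mode
    port.deauthorize(dev_a)
    result["a_after_deauth"] = port.forwards(dev_a)
    return result


if __name__ == "__main__":
    for mode in ("port-based", "host-based"):
        print(mode, shared_segment_demo(mode))
```

In port-based mode device B gains access as soon as device A authenticates; in host-based mode B stays blocked until it completes its own EAPOL exchange.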
xStack switch family can effectively mitigate some network attacks like the
common ARP Spoofing attack that is widespread today. This is why the Packet Content ACL is
able to inspect any specified content of a packet in different protocol layers.
Click Apply to implement changes made.
Click Create to view the new Access Profile List entry in the Access Profile List window shown below. To add
another Access Profile, click Add ACL Profile. To delete a profile, click the corresponding Delete button. To view the
specific configurations for an entry, click the Show Details button. To add a rule to the Access Profile entry, click the
Add/View Rules button. To remove all listed profiles, click on the Delete All button.
Figure 6 - 67. Access Profile List window for Packet Content example
To view the configurations for a previously configured entry, click on the corresponding Show Details button, which
will display the following window:
Click Apply to implement changes made.
Click Create to view the new CPU Access Profile List entry in the CPU Access Profile List window shown below. To
add another CPU Access Profile, click Add CPU ACL Profile. To delete a profile, click the corresponding Delete
button. To view the specific configurations for an entry, click the Show Details button. To add a rule to the CPU
Access Profile entry, click the Add/View Rules button.