Chapter88 – Access Using RADIUSUsing a RADIUS server to authenticate access….his feature is available in MNS-6K-SECURE only. The IEEE 802.1x standard, Port BasedNetwork Access Control, defines a mechanism for port-based network access control thatmakes use of the physical access characteristics of IEEE 802 LAN infrastructure. Itprovides a means of authenticating and authorizing devices attached to LAN ports thathave point-to-point connection characteristics. It also prevents access to that port in caseswhere the authentication and authorization fails. Although 802.1x is mostly used inwireless networks, this protocol is also implemented in LANs. The Magnum 6K family ofswitches implements the authenticator, which is a major component of 802.1x.TRRADIUSemote Authentication Dial-In User Service or RADIUS is a server that has beentraditionally used by many Internet Service Providers (ISP) as well as Enterprises toauthenticate dial in users. Today, many businesses use the RADIUS server for authenticatingusers connecting into a network. For example, if a user connects a PC into the network,whether the PC should be allowed access or not provides the same issues as to whether ornot a dial in user should be allowed access into the network or not. A user has to provide auser name and password for authenticated access. A RADIUS server is well suited forcontrolling access into a network by managing the users who can access the network on aRADIUS server. Interacting with the server and taking corrective action(s) is not possible onall switches. This capability is provided on the Magnum 6K family of switches.jRADIUS servers and its uses are also described by one or more RFCs.802.1xThere are three major components of 802.1x: - Supplicant, Authenticator andAuthentication Server (RADIUS Server). In the figure below, the PC acts as thesupplicant. The supplicant is an entity being authenticated and desiring access to theservices. The switch is the authenticator. The authenticator enforces authentication beforeallowing access to services that are accessible via that port. The authenticator isresponsible for communication with the supplicant and for submitting the information106