Port Based Network Access Control

Using IEEE 802.1x and Port Security

Using Perle as an Authenticator

IEEE 802.1x provides an authentication mechanism to devices wishing to attach to access ports.

Used in conjunction with a compliant RADIUS authentication server, a Perle device, in its role as an authenticator, will only allow access to its ports (and in turn the network), once the 802.1x device (supplicant) has successfully authenticated with the RADIUS server. Supplicant functionality is available on common workstation operating systems such as Windows.

In cases where a non-802.1x complaint device (such as Industrial equipment) needs to be connected to an 802.1x compliant switch, the MAC Authentication Bypass (MAB) feature available on Perle devices can be used. When enabled, the specific MAC address of the device is used as the ID and password. This information, having been pre-configured in the RADIUS authentication server, will enable secure access to the switch port.

Using Perle as a Supplicant

802.1x can extend beyond devices accessing an edge switch. You can configure Perle to act as a supplicant to another switch. This can be used when a Perle device is outside a wiring closet and is connected to an upstream switch through a trunk port. Perle configured with the 802.1x switch supplicant feature authenticates with the upstream switch (acting as the authenticator) for secure connectivity.

Perle Port Security

The port security feature provides the ability to restrict input to an interface by limiting and identifying MAC addresses of the stations allowed to access the port (Access or Trunk) and will take specific actions when violations occur such as sending an SNMP trap message to the NMS and shutting down the port.

Perle Products that support IEEE 802.1x and Port Security