Understanding and deploying 802.1X with Alta Labs Network Switches

Modified on Thu, 18 Jan 2024 at 02:01 PM

Supported Models: S24-POE, S16-POE, S8-POE


Introduction to 802.1X:


802.1X authentication is a security protocol that can be deployed to help secure network access on switches. It ensures that only authorized devices and users gain access to the network, thereby enhancing overall network security. This knowledge base article covers the fundamentals of 802.1X authentication and provides instructions for deploying it on the supported Alta Labs network switches.


What is 802.1X Authentication?


802.1X is an IEEE standard that defines the mechanism for port-based network access control. It provides an authentication framework for controlling access to a network, enforcing policies based on user and device credentials. This standard is particularly significant in environments where multiple users and devices connect to the network through a switch.


Key Components of 802.1X Authentication:


Client:


The device (such as a computer or a network-enabled device) seeking access to the network. The client initiates the authentication process and requests network access.


Authenticator:


The network device, typically a switch, that controls access to the network. The authenticator acts as an intermediary between the client and the authentication server.


Authentication Server:


Responsible for verifying the credentials of the client. Commonly uses protocols like RADIUS (Remote Authentication Dial-In User Service) to communicate with the authenticator.


Authentication Process:


Initiation:


The client connects to a switch port and sends an EAP (Extensible Authentication Protocol) start frame.


Port Control:


The switch port, acting as the authenticator, restricts traffic according to its mode. In 802.1X strict mode, it blocks all traffic except EAP frames until the authentication process is complete. In non-strict mode, it will only allow IP traffic for the configured native VLAN (“fallback VLAN”).


Authentication Request:


The authenticator forwards the client's credentials to the authentication server.


Authentication Server Verification:


The authentication server verifies the credentials and sends a response to the authenticator.


Access Granted/Denied:


If the credentials are valid, the authenticator allows full network access for that port. This includes any other downstream connected clients on that port. Otherwise, access is denied.
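The port-control behaviour described in the steps above, as an added example (a toy model written for this article, not Alta Labs firmware or code). The Port class, its decide method, native VLAN 10 and the sample MAC addresses are hypothetical; the model treats any frame in the native VLAN as allowed pre-authentication traffic and does not model per-port allowed-VLAN lists.

```python
import struct

EAPOL, DOT1Q, IPV4 = 0x888E, 0x8100, 0x0800
EAPOL_TYPES = {0: "EAP-Packet", 1: "EAPOL-Start", 2: "EAPOL-Logoff", 3: "EAPOL-Key"}

def parse(frame):
    """Return (vlan, ethertype, payload); vlan is None for an untagged frame."""
    (etype,) = struct.unpack("!H", frame[12:14])
    vlan, off = None, 14
    if etype == DOT1Q:                      # 802.1Q tag: TCI, then real EtherType
        tci, etype = struct.unpack("!HH", frame[14:18])
        vlan, off = tci & 0x0FFF, 18
    return vlan, etype, frame[off:]

class Port:
    """Toy model of one 802.1X-enabled switch port (hypothetical, not vendor code)."""
    def __init__(self, strict, native_vlan):
        self.strict, self.native_vlan, self.authorized = strict, native_vlan, False

    def decide(self, frame):
        vlan, etype, payload = parse(frame)
        if etype == EAPOL:                  # always handed to the authenticator
            ptype = payload[1] if len(payload) >= 4 else None
            return "eapol:" + EAPOL_TYPES.get(ptype, "unknown")
        if self.authorized:                 # port-based: source MAC is never checked
            return "forward"
        if self.strict:
            return "drop"
        # Non-strict: untagged frames belong to the native (fallback) VLAN.
        effective = self.native_vlan if vlan is None else vlan
        return "forward" if effective == self.native_vlan else "drop"

def frame(src, etype, payload=b"", vlan=None):
    """Build a constructed sample frame; dst is the 802.1X PAE group address."""
    tag = struct.pack("!HH", DOT1Q, vlan) if vlan is not None else b""
    return (bytes.fromhex("0180c2000003") + bytes.fromhex(src) + tag
            + struct.pack("!H", etype) + payload)

CLIENT, DOWNSTREAM = "020000000001", "020000000002"   # constructed MACs
START = frame(CLIENT, EAPOL, bytes([2, 1, 0, 0]))     # version 2, type 1, length 0

def demo():
    strict, loose = Port(True, 10), Port(False, 10)
    before = (strict.decide(START), strict.decide(frame(CLIENT, IPV4)),
              loose.decide(frame(CLIENT, IPV4)), loose.decide(frame(CLIENT, IPV4, vlan=20)))
    strict.authorized = True                # authentication server accepted the client
    after = strict.decide(frame(DOWNSTREAM, IPV4))    # a different device, same port
    return before, after

if __name__ == "__main__":
    print(demo())
```

The last decision shows why an authorized port should not feed an unmanaged switch or hub: once the port is open, frames from a second, never-authenticated MAC address are forwarded as well.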


Benefits of 802.1X Authentication:


Enhanced Security:


Only authorized devices and users can access the network, reducing the risk of unauthorized access.


Dynamic Access Control:


Policies can be enforced based on user roles, allowing for granular control over network resources.


Accountability:


Authentication logs provide a record of who accessed the network at any given time.


Deploying 802.1X with Supported Alta Labs Network Switches


First, configure and deploy the Authentication Server of your choice. This must be done before you configure and deploy 802.1X on your Alta Labs network switches. Once that is complete, make sure your supported Alta Labs network switches are online, set up in your desired site, and running the latest firmware.


Click into the network switch where you would like to deploy 802.1X to access the settings card.



For Single Port Configurations:


To enable 802.1X on a single switch port, click into the desired port. On the new settings card that appears, open the ‘Mode’ drop-down and select either 802.1X or 802.1X (strict), depending on the requirements of the authentication server and how you have it configured. Strict mode will block all traffic until the client has authenticated. Non-strict mode will only allow access to the configured native VLAN (fallback VLAN) until the client has authenticated.




Then hit ‘Save’. That selected port is now ready to work with your 802.1X environment.


To configure multiple switch ports at the same time:


From the settings card, click the ‘Select’ button.



You will then be given the option to select all of the switch ports you would like to add an 802.1X configuration to. Select at least one switch port.



Select the ‘Action’ button and then choose the ‘Set Mode’ option.


On the new window that appears, click the drop-down menu and then select either 802.1X or 802.1X (strict), depending on the requirements of the authentication server and how you have it configured.


Hit the ‘Save’ button, and that window will close. Those selected ports are now ready to work with your 802.1X environment.


Known issues


Currently, the management VLAN of the switch must be on the list of allowed VLANs for the 802.1X-enabled ports in order for authentication to function properly. This will be resolved in an upcoming release.


