Access Control And Device Authentication With Ieee 802.1X - ABB EDS500 Series Function Manual

Functions
The user authentication of the EDS500 devices (Chapter 2.3.2, "Login Mode Radius") can use
RADIUS to verify the validity of a login with Telnet, SSH or serial connections web interface.
Furthermore with the help of RADIUS a port authentication can be carried out according to
IEEE 802.1X (Chapter 2.24, "Access Control and Device Authentication with IEEE 802.1X"). This
does not safeguard the login on a EDS500 device but the whole network access via a specific
port.
Commands to configure the RADIUS protocol
< s e t s y s t e m r a d i u s s e r v e r { I P a d d r e s s } [ { s e r v e r p o r t } ]
{ s h a r e d s e c r e t } >
< c l e a r s y s t e m r a d i u s s e r v e r { I P a d d r e s s } >
2.24 Access Control and Device Authentication with
IEEE 802.1X
The IEEE 802.1X standard offers the possibility to apply an access protection for physical
ports in the LAN. A device ("Supplicant") connected to an EDS500 managed switches
("Authenticator") is granted network access only after a successful authentication. The
Authenticator (in this case the EDS500 device) does not perform the actual authentication,
but instead uses a RADIUS server for this purpose, which must be configured (Chapter 2.23,
"RADIUS").
Authenticator
Supplicant
Figure 26: Access control with IEEE 802.1X
Default configuration:
By default, 802.1X is activated and every port is unlocked (< s e t d o t 1 x p o r t c o n t r o l
{ ... } a u t h - f o r c e > ).
Configuring access negotiation
To activate the automatic access control, it is sufficient to configure the setting < s e t d o t
1 x p o r t c o n t r o l { ... } p a e - a u t o > .
1KGT151021 V000 1
Ethernet

Access Control and Device Authentication with IEEE 802.1X

IP-Network
Authentication
Server (Radius)
85