IEEE802.1X protocol is a very popular tool for user authentication. In standard implementations, it has weaker points. It is able to block access to the network for unauthorized users but that is all. In our implementation, we added an important feature that helps you to increase security. All unauthorized users are immediately reported via the SNMP TRAPS to the visualization software. So the potential attacker could be captured immediately and does not have time for network intrusion.
The IEEE 802.1X standard distinguishes 3 types of devices:
Supplicant - The end user of the network that must be authenticated before accessing the network (PC technician, camera).
Authenticator - Serves the access point for the Supplicant. In LAN-RING networks, any managed switch with fw 62 or higher can have this role.
Authentication server - Usually it is a RADIUS server that decides to allow / deny access to the network. In 802.1X authentication systems, we recommend that you install at least 2 redundant servers. At least, one of them should be located in a secure room (tamper, EZS) directly on the protected object.
LAN-RING & IPLOG allows system integrators to build a complete IEEE802.1X network infrastructure system independent of other vendors.
METEL Authentication Server - For the IPLOG-GAMA controllers we have developed the OPKG package "freeradius-server". The major advantage of the control units is their industrial operating temperature range from -40 °C to +70 °C. Unlike conventional servers, controllers can be deployed in very harsh environments.
METEL Authenticator / Supplicant - L2 and L3 LAN-RING switches support the authentication of end devices in accordance with IEEE 802.1X.