Ha-VIS mCon
Management Software Overview
Network Discovery via Link Layer Discovery Protocol (LLDP)
The Link Layer Discovery Protocol allows systems on an Ethernet LAN to advertise their key capabilities to neighbor nodes and also to learn about the key capabilities of other systems on the same Ethernet LAN.
This, in turn, promotes a unified network management view of the LAN topology and connectivity to aid network administration and troubleshooting.
In general, a network administration station can be connected to one single switch, and from there it is able to access the connectivity information of the complete network within the application.
[Figure: LLDP – Neighbor information exchange (LLDP Agent)]
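The neighbor advertisement described above travels as a sequence of type-length-value fields in an LLDPDU. The following parser is an added example, not HARTING code; it goes slightly beyond the text by decoding the IEEE 802.1AB fields a management station would read. The names `parse_lldpdu`, `tlv` and `SAMPLE` are hypothetical, and the sample frame is constructed.

```python
import struct

# TLV type numbers and capability bit order as defined in IEEE 802.1AB.
TLV_NAMES = {1: "chassis_id", 2: "port_id", 3: "ttl", 4: "port_description",
             5: "system_name", 6: "system_description", 7: "capabilities"}
CAP_BITS = "other repeater bridge wlan-ap router telephone docsis station".split()
MIN_LEN = {"chassis_id": 2, "port_id": 2, "ttl": 2, "capabilities": 4}

def parse_lldpdu(payload: bytes) -> dict:
    """Parse the TLVs of one LLDPDU (Ethernet payload, EtherType 0x88CC)."""
    info, offset = {}, 0
    while True:
        if offset + 2 > len(payload):
            raise ValueError("LLDPDU ended without an End TLV")
        (header,) = struct.unpack_from("!H", payload, offset)
        tlv_type, length = header >> 9, header & 0x01FF  # 7-bit type, 9-bit length
        offset += 2
        if tlv_type == 0:  # End of LLDPDU
            break
        value = payload[offset:offset + length]
        if len(value) != length:
            raise ValueError(f"TLV type {tlv_type} is truncated")
        offset += length
        name = TLV_NAMES.get(tlv_type)
        if name is None:
            continue  # other optional or organisation-specific TLV, not decoded here
        if length < MIN_LEN.get(name, 0):
            raise ValueError(f"{name} TLV is too short")
        if name in ("chassis_id", "port_id"):
            info[name] = (value[0], value[1:])  # (subtype, identifier bytes)
        elif name == "ttl":
            info[name] = struct.unpack_from("!H", value)[0]
        elif name == "capabilities":
            supported, enabled = struct.unpack_from("!HH", value)
            info["supported"] = [c for i, c in enumerate(CAP_BITS) if supported >> i & 1]
            info["enabled"] = [c for i, c in enumerate(CAP_BITS) if enabled >> i & 1]
        else:
            info[name] = value.decode("utf-8", errors="replace")
    if not {"chassis_id", "port_id", "ttl"} <= info.keys():
        raise ValueError("mandatory Chassis ID, Port ID or TTL TLV missing")
    return info

# Constructed sample advertisement (not captured from a real switch), built with tlv().
def tlv(tlv_type: int, value: bytes) -> bytes:
    return struct.pack("!H", tlv_type << 9 | len(value)) + value

SAMPLE = (tlv(1, b"\x04" + bytes.fromhex("020000000001")) + tlv(2, b"\x05port-3")
          + tlv(3, struct.pack("!H", 120)) + tlv(5, b"demo-switch")
          + tlv(7, struct.pack("!HH", 0x0014, 0x0004)) + tlv(0, b""))
```

LLDP frames are not authenticated, so the parsed fields are what a neighbor claims about itself and are best compared against an expected inventory rather than trusted outright.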
Port-Based Access Control with 802.1x
As common office communication merges with industrial networks, security and flexibility become more and more important for industrial Ethernet networks and applications. The demand for security and reliability is increasing rapidly. Therefore, industrial Ethernet networks need an end device authentication method that is highly secure but not tied to a port's physical location. For this reason, the HARTING Ha-VIS mCon Switches support the 802.1x authentication functionality conforming to the IEEE standard 802.1X REV 2004.
This authentication method prevents access to a switch port if authentication and authorization fail. The HARTING management software supports dynamic enabling or disabling of the Network Access Control feature in the switch through management configuration. The authorization of an attached supplicant can be carried out in two different ways: either remote or local.
With local authorization, the data that is needed is stored directly on the switch, so no external instance is needed. The other way is remote authorization via a RADIUS server and the EAPoL protocol. The database, containing all information about the network devices that are allowed to access the network, is stored on the server side and can be managed from a single point. 802.1x user authentication is rapidly becoming an expected component of any Ethernet infrastructure.
• Prevention of unauthorized network access based on access data, not the physical address
• User authentication in the complete network without bindings to a special port
• Attaching and moving devices
IP authorized manager
The IP authorized manager feature enables the switch to enhance security on the network by using IP addresses to authorize which stations (PCs or workstations) can access the switch. Thus, having the correct passwords (when logging in through TELNET/WEB) is not sufficient for accessing the switch through the network, unless the station attempting access is also included in the switch’s Authorized IP Managers configuration.
[Figure: 802.1X based user authentication procedure. Labels: Supplicant, Authenticator, Authentication Server (RADIUS), Internet or other LAN resources]