Ha-VIS mCon Management Software Overview Network Discovery via Link Layer Discovery Protocol (LLDP) LLDP Agent The Link Layer Discovery Protocol allow systems on an Ethernet LAN to advertise their key capabilities to neighbor nodes and also to learn about the key capabilities of other systems on the same Ethernet LAN. This, in turn, promotes a unified network management view of the LAN topology and connectivity to aid network administration and trouble-shooting. In general a network administration station can be connected to one single switch and from there it is able to access the connectivity information in the complete network within the application. LLDP - Neighbor information exchange Port-Based Access Control with 802.1x With the local authorization, the data which is needed is stored directly on the switch, so no external instance is needed. The other way is the remote authorization via a RADIUS server and the EAPoL protocol. The database, containing all information of the network devices which are allowed to get access to the network are stored at the server side and can be managed from a single point. 802.1x user authentication is rapidly becoming an expected component of any Ethernet infrastructure. * Prevention of unauthorized network access based on access data, not the physical address * User authentication in the complete network without bindings to a special port * Attaching an move devices IP authorized manager The IP authorized manager feature enables the switch to enhance security on the network by using IP addresses to authorize which stations (PCs or workstations) can access the switch. Thus, having the correct passwords (when logging through TELNET/WEB) is not sufficient for accessing the switch through the network, unless the station attempting access is also included in the switch's Authorized IP Managers configuration. Authenticator Ha-VIS mCon With the affiliation of the common office communication with the industrial networks, security and flexibility become more and more important for industrial Ethernet networks and applications. The demand of security and reliability is increasing rapidly. Therefore, industrial Ethernet networks need an end device authentication method that is highly secure but not tied to a ports physical location. For this reason, the HARTING Ha-VIS mCon Switches supports the 802.1x authentication functionality conform to the IEEE standard 802.1X REV 2004. This authentication method prevents access to a switch port in cases, if the authentication and authorization fails. The HARTING management software supports dynamic enabling or disabling of the Network Access Control feature in the switch through management configuration. The authorization of an attached supplicant can be proceed on two different ways: either remote or local. Authentication Server (RADIUS) Supplicant Internet or other LAN resources 802.1X based user authentication procedure 01 137