The Network > Ethernet ports section contains the interface to disable unused Ethernet ports and configure of 802.1X credentials.

Manage port access (X300 only)

The administrator can disable unused Ethernet ports to reduce the attack surface - an open unused port is a vulnerability. Ports with a ticked box are enabled.

  • Logged in as administrator to the Connect gateway with minimum OS version 5.2
  1. Select Edit to open the input form.
  1. Deselect a port and save the form to disable it - only unused ports can be disabled.
  • Chosen unused ports are disabled.

Port authentication

The gateway can act as supplicant (client device) in networks with IEEE 802.1X port-based Network Access Control (PNAC). To activate port authentication, certificates need to be uploaded to the device. A format check of the certificates is done when uploaded, but the validity of the certificates is not verified by the gateway. Username and password are optional. When all mandatory fields are non-empty, the Save button becomes active - select it to save the data and activate the feature.

The supplicant is not allowed access through the authenticator (for example, an Ethernet switch) to the protected side of the network until the supplicant's identity has been validated and authorized.

The gateway supports the Extensible Authentication Protocol (EAP) authentication methods

  • Username and password
  • Digital certificates (CA or client certificates)
  • Encryption keys
  • Logged in as administrator to the Connect gateway with minimum OS version 5.2
  1. Select Edit to open the input form.
  1. Select the ports to which PNAC applies.
  1. Depending on the authentication method used by the authenticator, enter credentials or upload certificate or key.
  1. Set the authentication timeout value in seconds by stepping the counter.
  1. Save the configuration.
  • The device is configured for 802.1X authentication.