Introduction to 802.1x
155
■
The RADIUS server compares the received encrypted password (contained in a
RADIUS access-request packet) with the locally-encrypted password. If the two
match, it will then send feedbacks (through a RADIUS access-accept packet and an
EAP-success packet) to the switch to indicate that the supplicant system is
authorized.
■
The switch changes the state of the corresponding port to accepted state to allow
the supplicant system access the network.
■
The supplicant system can also terminate the authenticated state by sending
EAPoL-Logoff packets to the switch. The switch then changes the port state from
accepted to rejected.
In EAP relay mode, packets are not modified during transmission. Therefore if one of
the three ways are used (that is, PEAP, EAP-TLS, or EAP-MD5) to authenticate, ensure
that the authenticating ways used on the supplicant system and the RADIUS server
are the same. However for the switch, you can simply enable the EAP relay mode by
using the
dot1x
authentication-method eap
command.
EAP terminating mode
In this mode, packet transmission is terminated at authenticator systems and the EAP
packets are converted to RADIUS packets. Authentication and accounting are
accomplished through RADIUS protocol.
In this mode, PAP or CHAP is employed between the switch and the RADIUS server.
The authentication procedure (assuming that CHAP is employed between the switch
and the RADIUS server) is illustrated in Figure 51.
Summary of Contents for 3CR17660-91
Page 10: ...8 CONTENTS ...
Page 14: ...4 ABOUT THIS GUIDE ...
Page 46: ...32 CHAPTER 5 LOGGING IN THROUGH WEB BASED NETWORK MANAGEMENT SYSTEM ...
Page 48: ...34 CHAPTER 6 LOGGING IN THROUGH NMS ...
Page 60: ...46 CHAPTER 9 VLAN CONFIGURATION ...
Page 64: ...50 CHAPTER 10 MANAGEMENT VLAN CONFIGURATION ...
Page 80: ...66 CHAPTER 13 GVRP CONFIGURATION ...
Page 98: ...84 CHAPTER 15 LINK AGGREGATION CONFIGURATION ...
Page 112: ...98 CHAPTER 18 MAC ADDRESS TABLE MANAGEMENT ...
Page 126: ...112 CHAPTER 19 LOGGING IN THROUGH TELNET ...
Page 162: ...148 CHAPTER 20 MSTP CONFIGURATION ...
Page 274: ...260 CHAPTER 29 IGMP SNOOPING CONFIGURATION ...
Page 276: ...262 CHAPTER 30 ROUTING PORT JOIN TO MULTICAST GROUP CONFIGURATION ...
Page 298: ...284 CHAPTER 33 SNMP CONFIGURATION ...
Page 304: ...290 CHAPTER 34 RMON CONFIGURATION ...
Page 338: ...324 CHAPTER 36 SSH TERMINAL SERVICES ...
Page 356: ...342 CHAPTER 38 FTP AND TFTP CONFIGURATION ...
Page 365: ...Information Center Configuration Example 351 S4200G terminal logging ...
Page 366: ...352 CHAPTER 39 INFORMATION CENTER ...
Page 378: ...364 CHAPTER 40 BOOTROM AND HOST SOFTWARE LOADING ...
Page 384: ...370 CHAPTER 41 Basic System Configuration and Debugging ...
Page 388: ...374 CHAPTER 43 NETWORK CONNECTIVITY TEST ...
Page 406: ...392 CHAPTER 45 CONFIGURATION OF NEWLY ADDED CLUSTER FUNCTIONS ...