User Manual
Publication date: Feb., 2008
Revision A1
114
3-15. 802.1X Configuration
802.1X port-based network access control provides a method to restrict
users to access network resources via authenticating user’s information. This
restricts users from gaining access to the network resources through a 802.1X-
enabled port without authentication. If a user wishes to touch the network through a
port under 802.1X control, he (she) must firstly input his (her) account name for
authentication and waits for gaining authorization before sending or receiving any
packets from a 802.1X-enabled port.
Before the devices or end stations can access the network resources through
the ports under 802.1X control, the devices or end stations connected to a
controlled port send the authentication request to the authenticator, the
authenticator pass the request to the authentication server to authenticate and verify,
and the server tell the authenticator if the request get the grant of authorization for
the ports.
According to IEEE802.1X, there are three components implemented. They
are Authenticator, Supplicant and Authentication server.
Supplicant:
It is an entity being authenticated by an authenticator. It is used to
communicate with the Authenticator PAE (Port Access Entity) by
exchanging the authentication message when the Authenticator PAE
request to it.
Authenticator:
An entity facilitates the authentication of the supplicant entity. It controls
the state of the port, authorized or unauthorized, according to the result
of authentication message exchanged between it and a supplicant PAE.
The authenticator may request the supplicant to re-authenticate itself at a
configured time period. Once start re-authenticating the supplicant, the
controlled port keeps in the authorized state until re-authentication fails.
A port acting as an authenticator is thought to be two logical ports, a
controlled port and an uncontrolled port. A controlled port can only pass
the packets when the authenticator PAE is authorized, and otherwise, an
uncontrolled port will unconditionally pass the packets with PAE group
MAC address, which has the value of 01-80-c2-00-00-03 and will not be
forwarded by MAC bridge, at any time.
Authentication server:
A device provides authentication service, through EAP, to an
authenticator by using authentication credentials supplied by the
supplicant to determine if the supplicant is authorized to access the
network resource.
Summary of Contents for LGB1048A
Page 1: ......
Page 2: ......
Page 3: ...User s Manual 48 Port GbE L2 Managed Switch with 4 SFP Dual Media Release 1 0...
Page 7: ...v Revision History Release Date Revision 1 0 02 21 2008 A1...
Page 80: ...User Manual Publication date Feb 2008 Revision A1 72 3 6 4 Flow Fig 3 30...
Page 97: ...User Manual Publication date Feb 2008 Revision A1 89 Fig 3 46 Fig 3 47...
Page 155: ...User Manual Publication date Feb 2008 Revision A1 147 Fig 3 87...
Page 158: ...User Manual Publication date Feb 2008 Revision A1 150 TT Fig 3 89...
Page 168: ...User Manual Publication date Feb 2008 Revision A1 160 Fig 4 1 Fig 4 2...
Page 279: ......