M A G N U M 6 K S W I T C H E S , M N S - 6 K U S E R G U I D E
allowing access to services that are accessible via that port. The authenticator is
responsible for communication with the supplicant and for submitting the information
received from the supplicant to a suitable authentication server. This allows the
verification of user credentials to determine the consequent port authorization state. It is
important to note that the authenticator’s functionality is independent of the actual
authentication method. It effectively acts as a pass-through for the authentication
exchange.
Supplicant
Authenticator
Authentication
Server (RADIUS)
802.1x
Switch
Supplicant
Authenticator
Authentication
Server (RADIUS)
802.1x
Switch
F
IGURE
57
–
802.1x network components
The RADIUS server is the authentication server. The authentication server provides a
standard way of providing Authentication, Authorization, and Accounting services to a
network. Extensible Authentication Protocol (EAP) is an authentication framework which
supports multiple authentication methods. EAP typically runs directly over data link
layers such as PPP or IEEE 802, without requiring IP. EAP over LAN (EAPOL)
encapsulates EAP packets onto 802 frames with a few extensions to handle 802
characteristics. EAP over RADIUS encapsulates EAP packets onto RADIUS packets for
relaying to RADIUS authentication servers.
The details of the 802.1x authentication are shown below
78