RGS-9244GP Series User Manual
ORing Industrial Networking Corp.
121
Other Info
This section contains information about the state of the server and the
latest
round-trip
time.
5.8.6 NAS (802.1x)
This page allows you to configure the IEEE 802.1X and MAC-based authentication system and
port settings.
The IEEE 802.1X standard defines a port-based access control procedure that prevents
unauthorized access to a network by requiring users to first submit credentials for authentication.
One or more central servers (the backend servers
)
determine whether the user is allowed
access to the network. These backend (RADIUS) servers are configured on the authentication
configuration page.
MAC-based authentication allows for authentication of more than one user on the same port,
and does not require the users to have special 802.1X software installed on their system. The
switch uses the users' MAC addresses to authenticate against the backend server. As intruders
can create counterfeit MAC addresses, MAC-based authentication is less secure than 802.1X
authentication.
Overview of 802.1X (Port-Based) Authentication
In an 802.1X network environment, the user is called the supplicant, the switch is the
authenticator, and the RADIUS server is the authentication server. The switch acts as the man-
in-the-middle, forwarding requests and responses between the supplicant and the
authentication server. Frames sent between the supplicant and the switch are special 802.1X
frames, known as EAPOL (EAP Over LANs) frames which encapsulate EAP PDUs (RFC3748).
Frames sent between the switch and the RADIUS server are RADIUS packets. RADIUS
packets also encapsulate EAP PDUs together with other attributes like the switch's IP address,
name, and the supplicant's port number on the switch. EAP is very flexible as it allows for
different authentication methods, like MD5-Challenge, PEAP, and TLS. The important thing is
that the authenticator (the switch) does not need to know which authentication method the
