ZXR10 8900E series Core Switch Product Description
ZTE Confidential Proprietary
© 2013 ZTE CORPORATION. All rights reserved.
3.8.3 Access Security
3.8.3.1 802.1x
802.1X is a client/server-based access control and authentication protocol. When a
user device connects to a system port, 802.1X authenticates it to confirm whether the
user is authorized to access system services through that port. This prevents
unauthorized data transmission between the user and the system. Initially, 802.1X access
control allows only EAPOL frames to pass through the port connected to the user's device.
Other data can pass through this port only after authentication.
802.1X causes the access point through which the authenticator connects to the LAN to
present two logical ports: a controlled port and an uncontrolled port. The uncontrolled
port is independent of the port authorization status and can exchange PDUs with other
systems freely, while the controlled port can exchange PDUs with other systems only when
it is authorized.
The PAE is the basis of the algorithms and protocols related to the operation of the
authentication mechanisms. The authenticator's PAE is responsible for communicating with
the requestor's PAE and for sending the information collected from the requestor's PAE to
the authentication server. After verifying this information, the authentication server
confirms whether the requestor is authorized to access the authenticator's service. The
authenticator's PAE sets the controlled port to the authorized or unauthorized state
according to the authentication result. The authenticator's PAE uses the uncontrolled
port and the EAPOL protocol to exchange protocol messages with the requestor's PAE, and
it uses EAPOR to communicate with the RADIUS authentication server.
The 802.1X unit of the ZXR10 8900E series switch mainly provides the following services:
Supports the authenticator services.
Local authentication.
Supports the authenticator's PAE exchanging protocol messages over EAPOL via the uncontrolled port.
The Force-Unauthorized, Auto and Force-Authorized values of Auth-Controlled-Port-Control can be used to operate the controlled port.
Supports Admin-Controlled-Directions and OperControlled-Directions to operate the controlled port.
A re-authentication timer can be used to authenticate the requestor again on a regular basis.
Transparent transmission of 802.1x authentication packets is supported when authentication is not initiated.
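
The port behaviour described above, as an added example that is not part of the original product description and is not ZTE code: a simplified Python model of how an authenticator port classifies ingress frames under the three Auth-Controlled-Port-Control values. The Port class, its method names and the sample frames are constructed for illustration.

```python
import struct
from enum import Enum

ETH_P_EAPOL = 0x888E  # EtherType of EAPOL frames (IEEE 802.1X)

class PortControl(Enum):  # the three Auth-Controlled-Port-Control values
    FORCE_UNAUTHORIZED = "Force-Unauthorized"
    AUTO = "Auto"
    FORCE_AUTHORIZED = "Force-Authorized"

class Port:
    """Simplified model of one access port (hypothetical class, not ZTE code)."""
    def __init__(self, control=PortControl.AUTO):
        self.control = control
        self.authenticated = False  # result returned by the authentication server

    def authorized(self) -> bool:
        if self.control is PortControl.FORCE_AUTHORIZED:
            return True
        if self.control is PortControl.FORCE_UNAUTHORIZED:
            return False
        return self.authenticated  # Auto: follow the authentication result

    def ingress(self, frame: bytes) -> str:
        """Return 'pae' (uncontrolled port), 'forward' (controlled port) or 'drop'."""
        if len(frame) < 14:
            return "drop"  # shorter than an Ethernet header
        (etype,) = struct.unpack_from("!H", frame, 12)
        if etype == ETH_P_EAPOL:
            # EAPOL header: version (1 byte), packet type (1), body length (2)
            if len(frame) < 18:
                return "drop"
            _ver, _ptype, body_len = struct.unpack_from("!BBH", frame, 14)
            return "pae" if len(frame) - 18 >= body_len else "drop"
        return "forward" if self.authorized() else "drop"

# Constructed sample frames: destination MAC, source MAC, EtherType, payload
PAE_GROUP = bytes.fromhex("0180c2000003")  # 802.1X PAE group address
HOST = bytes.fromhex("020000000001")       # constructed, locally administered MAC
EAPOL_START = PAE_GROUP + HOST + struct.pack("!HBBH", ETH_P_EAPOL, 1, 1, 0)
EAPOL_BAD_LEN = PAE_GROUP + HOST + struct.pack("!HBBH", ETH_P_EAPOL, 1, 0, 32)
IPV4_DATA = bytes.fromhex("ffffffffffff") + HOST + struct.pack("!H", 0x0800) + b"\x45" * 20

if __name__ == "__main__":
    port = Port(PortControl.AUTO)
    print([port.ingress(f) for f in (EAPOL_START, EAPOL_BAD_LEN, IPV4_DATA)])
    port.authenticated = True
    print(port.ingress(IPV4_DATA))
```
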