
Antaira Technologies - Industrial Ethernet Switches
LNX-2012G-SFP Series User Manual V1.0
on the "Configuration→Security→AAA" page) - the client is
put on hold in the Unauthorized state. The hold timer does
not count during an on-going authentication.
The switch will ignore new frames coming from the client
during the hold time.
The Hold Time can be set to a number between 10 and
1000000 seconds.
Port
The port number to which the configuration below applies.
Admin State
If NAS is globally enabled, this selection controls the port's
authentication mode. The following modes are available:
Force Authorized
In this mode, the switch will send one EAPOL Success
frame when the port link comes up, and any client on the
port will be allowed network access without authentication.
Force Unauthorized
In this mode, the switch will send one EAPOL Failure frame
when the port link comes up, and any client on the port will
be disallowed network access.
Port-based 802.1X
In the 802.1X world, the user is called the supplicant, the
switch is the authenticator, and the RADIUS server is the
authentication server. The authenticator acts as the
man-in-the-middle, forwarding requests and responses between the
supplicant and the authentication server. Frames sent
between the supplicant and the switch are special 802.1X
frames, known as EAPOL (EAP Over LANs) frames.
EAPOL frames encapsulate EAP PDUs (RFC 3748).
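
The EAPOL-in-Ethernet and EAP-in-EAPOL layering described above, as an added example that is not part of the Antaira manual: a decoder for captured frames, run over the Success and Failure frames the forced modes send and a supplicant's identity response. The sample frames, the source MAC and the user name "alice" are constructed; header layouts and code values follow IEEE 802.1X and RFC 3748.

```python
import struct

EAPOL_ETHERTYPE = 0x888E                      # IEEE 802.1X (EAP over LAN)
EAPOL_TYPES = {0: "EAP-Packet", 1: "Start", 2: "Logoff", 3: "Key"}
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_METHODS = {1: "Identity", 4: "MD5-Challenge", 13: "EAP-TLS", 25: "PEAP"}

def parse_eapol(frame: bytes) -> dict:
    """Decode one Ethernet frame carrying EAPOL; raise ValueError if malformed."""
    if len(frame) < 18:
        raise ValueError("too short for Ethernet + EAPOL headers")
    ethertype, version, ptype, body_len = struct.unpack("!HBBH", frame[12:18])
    if ethertype != EAPOL_ETHERTYPE:
        raise ValueError("not an EAPOL frame")
    body = frame[18:18 + body_len]            # drops Ethernet padding
    if len(body) != body_len:
        raise ValueError("EAPOL body truncated")
    info = {"eapol_type": EAPOL_TYPES.get(ptype, ptype), "eap": None}
    if ptype != 0:                            # Start/Logoff/Key carry no EAP PDU
        return info
    if body_len < 4:
        raise ValueError("EAP header truncated")
    code, ident, eap_len = struct.unpack("!BBH", body[:4])
    if eap_len < 4 or eap_len > body_len:
        raise ValueError("EAP length field inconsistent with EAPOL length")
    eap = {"code": EAP_CODES.get(code, code), "id": ident, "method": None, "data": b""}
    if code in (1, 2):                        # only Request/Response have a Type octet
        if eap_len < 5:
            raise ValueError("Request/Response without Type octet")
        eap["method"] = EAP_METHODS.get(body[4], body[4])
        eap["data"] = body[5:eap_len]
    info["eap"] = eap
    return info

def build_eapol(eap_pdu: bytes, eapol_type: int = 0) -> bytes:
    """Constructed sample frame: PAE group address, made-up source MAC."""
    header = bytes.fromhex("0180c2000003") + bytes.fromhex("020000000001")
    header += struct.pack("!HBBH", EAPOL_ETHERTYPE, 1, eapol_type, len(eap_pdu))
    return (header + eap_pdu).ljust(60, b"\x00")   # pad to minimum Ethernet size

# Constructed samples: the Success and Failure frames the forced modes send,
# and a supplicant's Response/Identity for the made-up user "alice".
SUCCESS = build_eapol(struct.pack("!BBH", 3, 1, 4))
FAILURE = build_eapol(struct.pack("!BBH", 4, 1, 4))
IDENTITY = build_eapol(struct.pack("!BBHB", 2, 7, 10, 1) + b"alice")

if __name__ == "__main__":
    for sample in (SUCCESS, FAILURE, IDENTITY):
        print(parse_eapol(sample))
```
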
Frames sent between the switch and the RADIUS server are
RADIUS packets. RADIUS packets also encapsulate EAP
PDUs together with other attributes like the switch's IP
address, name, and the supplicant's port number on the
switch. EAP is very flexible, in that it allows for different
authentication methods, like MD5-Challenge, PEAP, and
TLS. The important thing is that the authenticator (the
switch) doesn't need to know which authentication method
the supplicant and the authentication server are using, or