Security: 802.1X Authentication
Overview
Cisco 350, 350X and 550X Series Managed Switches, Firmware Release 2.4, ver 0.4
This is described in the figure below:
A network device can be either a client/supplicant, authenticator or both per port.
Client or Supplicant
A client or supplicant is a network device that requests access to the LAN. The client is
connected to an authenticator.
If the client uses the 802.1x protocol for authentication, it runs the supplicant part of the
802.1x protocol and the client part of the EAP protocol.
No special software is required on the client to use MAC-based or web-based authentication.
Authenticator
An authenticator is a network device that provides network services and to which supplicant
ports are connected.
The following authentication methods are supported:
• 802.1x-based—Supported in all authentication modes.
• MAC-based—Supported in all authentication modes.
• WEB-based—Supported only in multi-sessions modes.
In 802.1x-based authentication, the authenticator extracts the EAP messages from the 802.1x
messages (EAPOL packets) and passes them to the authentication server, using the RADIUS
protocol.
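The relay step described above, as an added Python example (not code from the switch firmware or from this guide): it pulls the EAP packet out of an EAPOL frame and wraps it in a RADIUS Access-Request. The function names, the sample frame and the shared secret are constructed for illustration, and the attribute encoding assumes the RFC 3579 layout (EAP-Message, type 79, and Message-Authenticator, type 80).

```python
import hashlib, hmac, os, struct

EAPOL_EAP_PACKET = 0                      # EAPOL type 0 carries an EAP packet
ACCESS_REQUEST = 1                        # RADIUS code
USER_NAME, EAP_MESSAGE, MESSAGE_AUTH = 1, 79, 80   # RADIUS attribute types

def extract_eap(eapol: bytes) -> bytes:
    """Return the EAP packet inside an EAPOL frame (Ethernet header already removed)."""
    if len(eapol) < 4:
        raise ValueError("truncated EAPOL header")
    _version, ptype, body_len = struct.unpack("!BBH", eapol[:4])
    if ptype != EAPOL_EAP_PACKET:
        raise ValueError("not an EAP-Packet frame; nothing to relay")
    body = eapol[4:4 + body_len]          # ignore Ethernet padding after the body
    if body_len < 4 or len(body) != body_len:
        raise ValueError("EAPOL body length mismatch")
    eap_len = struct.unpack("!H", body[2:4])[0]
    if not 4 <= eap_len <= body_len:
        raise ValueError("EAP length inconsistent with EAPOL body")
    return body[:eap_len]

def attr(kind: int, value: bytes) -> bytes:
    return bytes([kind, len(value) + 2]) + value

def build_access_request(eap, user, secret, ident, authenticator=None):
    """Wrap an EAP packet in a RADIUS Access-Request (EAP-Message, RFC 3579)."""
    authenticator = authenticator or os.urandom(16)
    attrs = attr(USER_NAME, user)
    for i in range(0, len(eap), 253):     # an attribute value holds at most 253 bytes
        attrs += attr(EAP_MESSAGE, eap[i:i + 253])
    attrs += attr(MESSAGE_AUTH, bytes(16))  # zeroed while the HMAC is computed
    packet = struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + authenticator + attrs
    mac = hmac.new(secret, packet, hashlib.md5).digest()
    return packet[:-16] + mac             # Message-Authenticator is the last 16 bytes

def eap_from_radius(packet: bytes) -> bytes:
    """Server side: concatenate the EAP-Message attributes back into one EAP packet."""
    eap, pos = b"", 20
    while pos + 2 <= len(packet) and packet[pos + 1] >= 2:   # stop on a malformed attribute
        kind, length = packet[pos], packet[pos + 1]
        if kind == EAP_MESSAGE:
            eap += packet[pos + 2:pos + length]
        pos += length
    return eap

# Constructed sample: EAPOL v2 frame carrying EAP-Response/Identity "alice", plus padding
SAMPLE_EAP = struct.pack("!BBHB", 2, 1, 10, 1) + b"alice"
SAMPLE_EAPOL = struct.pack("!BBH", 2, 0, len(SAMPLE_EAP)) + SAMPLE_EAP + bytes(32)
```

An EAP packet longer than 253 bytes is split across several EAP-Message attributes, which `eap_from_radius` joins back in order.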
With MAC-based or web-based authentication, the authenticator itself executes the EAP client
part of the software on behalf of the clients seeking network access.
[Figure: Client, Client, Authenticator, Authentication Server]