xStack DES-3500 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual
103
Authentication Server
The Authentication Server is a remote device that is connected to the same network as the Client and Authenticator, must be
running a RADIUS Server program and must be configured properly on the Authenticator (Switch). The Authentication Server
(RADIUS) must authenticate clients connected to a port on the Switch before attaining any services offered by the Switch on the
LAN. The role of the Authentication Server is to certify the identity of the Client attempting to access the network by exchanging
secure information between the RADIUS server and the Client through EAPOL packets and, in turn, informs the Switch whether
or not the Client is granted access to the LAN and/or switch services.
Figure 6- 84. Authentication Server
Authenticator
The Authenticator (the Switch) is an intermediary between the Authentication Server and the Client. The Authenticator serves two
purposes when utilizing 802.1x. The first purpose is to request certification information from the Client through EAPOL packets,
which is the only information allowed to pass through the Authenticator before access is granted to the Client. The second purpose
of the Authenticator is to verify the information gathered from the Client with the Authentication Server, and to then relay that
information back to the Client.
Three steps must be implemented on the Switch to properly configure the Authenticator.
1. The 802.1x State must be enabled. (
Configuration > Switch Information > Advanced Settings
>
802.1x Status
)
2. The 802.1x settings must be implemented by port. (
Port Access Entity > PAE System Control > Port Capability
>
Capability
)
3. A RADIUS server must be configured on the Switch. (
Port Access Entity > RADIUS Server > Authentic RADIUS
Server
)
Figure 6- 85. Authenticator