•
•
Configuring Dynamic VLAN Assignment with Port Authentication
•
Guest and Authentication-Fail VLANs
Port-Authentication Process
The authentication process begins when the authenticator senses that a link status has changed from down to up:
1
When the authenticator senses a link state change, it requests that the supplicant identify itself using an EAP Identity Request frame.
2
The supplicant responds with its identity in an EAP Response Identity frame.
3
The authenticator decapsulates the EAP response from the EAPOL frame, encapsulates it in a RADIUS Access-Request frame and
forwards the frame to the authentication server.
4
The authentication server replies with an Access-Challenge frame. The Access-Challenge frame requests the supplicant to prove that
it is who it claims to be, using a specified method (an EAP-Method). The challenge is translated and forwarded to the supplicant by
the authenticator.
5
The supplicant can negotiate the authentication method, but if it is acceptable, the supplicant provides the Requested Challenge
information in an EAP response, which is translated and forwarded to the authentication server as another Access-Request frame.
6
If the identity information provided by the supplicant is valid, the authentication server sends an Access-Accept frame in which
network privileges are specified. The authenticator changes the port state to authorized and forwards an EAP Success frame. If the
identity information is invalid, the server sends an Access-Reject frame. If the port state remains unauthorized, the authenticator
forwards an EAP Failure frame.
Figure 5. EAP Port-Authentication
EAP over RADIUS
802.1X uses RADIUS to shuttle EAP packets between the authenticator and the authentication server, as defined in RFC 3579.
EAP messages are encapsulated in RADIUS packets as a type of attribute in Type, Length, Value (TLV) format. The Type value for EAP
messages is 79.
802.1X
87
Содержание S3048-ON
Страница 1: ...Dell Configuration Guide for the S3048 ON System 9 11 2 5 ...
Страница 137: ...0 Gi 1 1 Gi 1 2 rx Flow N A N A 0 0 No N A N A yes Access Control Lists ACLs 137 ...
Страница 142: ...Figure 10 BFD Three Way Handshake State Changes 142 Bidirectional Forwarding Detection BFD ...
Страница 241: ...Dell Control Plane Policing CoPP 241 ...
Страница 287: ... RPM Synchronization GARP VLAN Registration Protocol GVRP 287 ...
Страница 428: ...Figure 53 Inspecting the LAG Configuration 428 Link Aggregation Control Protocol LACP ...
Страница 429: ...Figure 54 Inspecting Configuration of LAG 10 on ALPHA Link Aggregation Control Protocol LACP 429 ...
Страница 432: ...Figure 56 Inspecting a LAG Port on BRAVO Using the show interface Command 432 Link Aggregation Control Protocol LACP ...
Страница 433: ...Figure 57 Inspecting LAG 10 Using the show interfaces port channel Command Link Aggregation Control Protocol LACP 433 ...
Страница 477: ...Figure 73 Configuring Interfaces for MSDP Multicast Source Discovery Protocol MSDP 477 ...
Страница 478: ...Figure 74 Configuring OSPF and BGP for MSDP 478 Multicast Source Discovery Protocol MSDP ...
Страница 479: ...Figure 75 Configuring PIM in Multiple Routing Domains Multicast Source Discovery Protocol MSDP 479 ...
Страница 483: ...Figure 77 MSDP Default Peer Scenario 2 Multicast Source Discovery Protocol MSDP 483 ...
Страница 484: ...Figure 78 MSDP Default Peer Scenario 3 484 Multicast Source Discovery Protocol MSDP ...
Страница 634: ...protocol spanning tree pvst no disable vlan 300 bridge priority 4096 634 Per VLAN Spanning Tree Plus PVST ...
Страница 745: ...Figure 104 Single and Double Tag TPID Match Service Provider Bridging 745 ...
Страница 746: ...Figure 105 Single and Double Tag First byte TPID Match 746 Service Provider Bridging ...