
to the RADIUS packets either with the Password Authentication Protocol (PAP) or Challenge
Handshake Authentication Protocol (CHAP) attribute, and then transferred to the RADIUS
server.
Basic concepts of 802.1X
These basic concepts are involved in 802.1X: controlled port/uncontrolled port, authorized
state/unauthorized state, and control direction.
Controlled port and uncontrolled port
A switch provides ports for clients to access the LAN. Each port can be regarded as a combination of
two logical ports: a controlled port and an uncontrolled port.
• The uncontrolled port is always open in both the inbound and outbound directions to allow
  EAPOL protocol packets to pass, guaranteeing that the client can always send and receive
  authentication packets.
• The controlled port is open to allow data traffic to pass only when it is in the authorized state.
The controlled port and uncontrolled port are two parts of the same port. Any packets arriving at
the port are available to both of them.
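
The following is an added example, not code from this manual or from the switch software: a small Python model of how one physical port treats incoming frames as an uncontrolled port (EAPOL, EtherType 0x888E) and a controlled port (everything else). The Port class, its method names, the initial unauthorized state, and the sample frames are assumptions constructed for illustration.

```python
import struct

ETHERTYPE_EAPOL = 0x888E  # EtherType carried by EAPOL frames (IEEE 802.1X)
EAPOL_TYPES = {0: "EAP-Packet", 1: "EAPOL-Start", 2: "EAPOL-Logoff", 3: "EAPOL-Key"}

def ethertype(frame: bytes):
    """Return the EtherType of an untagged Ethernet II frame, or None if truncated."""
    if len(frame) < 14:
        return None
    return struct.unpack("!H", frame[12:14])[0]

class Port:
    """Hypothetical model of one switch port seen as two logical ports."""

    def __init__(self):
        # Assumption of this model: the controlled port starts unauthorized.
        self.authorized = False

    def set_auth_result(self, success: bool):
        # The controlled port's state follows the authentication result.
        self.authorized = success

    def receive(self, frame: bytes) -> str:
        etype = ethertype(frame)
        if etype is None:
            return "drop: truncated frame"
        if etype == ETHERTYPE_EAPOL:
            # Uncontrolled port: always open, so authentication can always proceed.
            # EAPOL header after the Ethernet header: version, type, 2-byte length.
            kind = EAPOL_TYPES.get(frame[15], "unknown") if len(frame) >= 18 else "malformed"
            return f"pass via uncontrolled port: {kind}"
        if self.authorized:
            return "pass via controlled port"
        return "drop: controlled port unauthorized"

# Constructed sample frames (not captured traffic).
SRC = bytes.fromhex("001122334455")
EAPOL_START = bytes.fromhex("0180c2000003") + SRC + bytes.fromhex("888e01010000")
IPV4_FRAME = bytes.fromhex("ffffffffffff") + SRC + bytes.fromhex("0800") + b"\x45" + b"\x00" * 19

def demo():
    port = Port()
    out = [port.receive(EAPOL_START), port.receive(IPV4_FRAME)]  # before authentication
    port.set_auth_result(True)                                   # authentication succeeded
    out += [port.receive(IPV4_FRAME), port.receive(EAPOL_START), port.receive(b"\x00" * 6)]
    return out

if __name__ == "__main__":
    print("\n".join(demo()))
```
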
Authorized state and unauthorized state
The controlled port is in either the authorized or the unauthorized state, depending on the
authentication result, as shown in Figure 16.
Figure 16 Authorized/unauthorized status of a controlled port
You can set the authorization mode of a specified port to control the port authorization status. The
authorization modes include:
• authorized-force: Places the port in the authorized state, allowing users on the port to
  access the network without authentication.
• unauthorized-force: Places the port in the unauthorized state, denying any access
  requests from users on the port.