LANCOM GS
-
1224
쮿
Chapter 4: Operation of Web- based Management
36
EN
쮿
Supplicant:
It is an entity being authenticated by an authenticator. It is used to com-
municate with the Authenticator PAE (Port Access Entity) by exchanging
the authentication message when the Authenticator PAE request to it.
쮿
Authenticator:
An entity facilitates the authentication of the supplicant entity. It controls
the state of the port, authorized or unauthorized, according to the result
of authentication message exchanged between it and a supplicant PAE.
The authenticator may request the supplicant to re-authenticate itself at
a configured time period. Once start re-authenticating the supplicant, the
controlled port keeps in the authorized state until re-authentication fails.
A port acting as an authenticator is thought to be two logical ports, a con-
trolled port and an uncontrolled port. A controlled port can only pass the
packets when the authenticator PAE is authorized, and otherwise, an
uncontrolled port will unconditionally pass the packets with PAE group
MAC address, which has the value of 01-80-c2-00-00-03 and will not be
forwarded by MAC bridge, at any time.
쮿
Authentication server:
A device provides authentication service, through EAP, to an authentica-
tor by using authentication credentials supplied by the supplicant to
determine if the supplicant is authorized to access the network resource.
The overview of operation flow for the following figure is quite simple. When
Supplicant PAE issues a request to Authenticator PAE, Authenticator and Sup-
plicant exchanges authentication message. Then, Authenticator passes the
request to RADIUS server to verify. Finally, RADIUS server replies if the request
is granted or denied.
While in the authentication process, the message packets, encapsulated by
Extensible Authentication Protocol over LAN (EAPOL), are exchanged between
an authenticator PAE and a supplicant PAE. The Authenticator exchanges the
message to authentication server using EAP encapsulation. Before success-
fully authenticating, the supplicant can only touch the authenticator to per-
form authentication message exchange or access the network from the
uncontrolled port.
Содержание GS-1224
Страница 1: ...c o n n e c t i n g y o u r b u s i n e s s...
Страница 2: ...LANCOM GS 1224...