divided into two virtual port types: the managed (controlled) port and the non-managed (uncontrolled) port. The non-managed port is always in the connected state in both the inbound and outbound directions, so that EAP authentication packets can be exchanged at any time. The managed port is in the connected state only after authorization succeeds, and then carries normal data packets; while not authorized it is shut down and cannot forward any packets.
In the IEEE 802.1x application environment, the ES4700 series acts as the access management unit (the authenticator), and the user access device is a host running 802.1x client (supplicant) software. The authentication server usually resides in the carrier's AAA center and is usually a RADIUS server.
Port-based IEEE 802.1x authentication is of limited use when multiple user access devices connect to one physical port, because it cannot distinguish between the users behind that port: once one device authenticates, the port is opened for every device attached to it. For better security and management, the ES4700 series therefore also implements MAC-based IEEE 802.1x authentication. Only the authenticated user access devices connected to a physical port can access the network; unauthenticated devices on the same port are blocked. In this way, even when multiple terminals are connected through one physical port, the ES4700 series can still authenticate and manage each user access device individually.
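As an added example (not code from the ES4700 manual or its vendor), the following Python model makes the two virtual ports and the two authentication modes concrete: EAPOL frames always traverse the non-managed port, while a data frame traverses the managed port only if the port itself (port-based mode) or the sending MAC address (MAC-based mode) has been authorized. The `Switch8021x`, `Port` and `Frame` names, the `auth_result`/`decide` helpers, the MAC addresses and the way the user limit is enforced are all assumptions made for illustration.

```python
"""Toy model of IEEE 802.1X forwarding decisions on an access switch.

Added example; not the ES4700 implementation. Class and method names,
frame layout and the limit handling are assumptions for illustration.
"""
from dataclasses import dataclass, field

EAPOL_ETHERTYPE = 0x888E   # EAP over LAN, carried by the non-managed (uncontrolled) port


@dataclass
class Frame:
    """Minimal stand-in for an Ethernet frame: only the fields the decision needs."""
    src_mac: str
    ethertype: int


@dataclass
class Port:
    mode: str                                     # "port-based" or "mac-based"
    authorized: set = field(default_factory=set)  # MACs that passed authentication


class Switch8021x:
    """Forwarding decision for an 802.1X-enabled access switch (assumed model)."""

    def __init__(self, max_users=4000):
        self.max_users = max_users   # switch-wide ceiling on authenticated users
        self.ports = {}

    def add_port(self, name, mode):
        if mode not in ("port-based", "mac-based"):
            raise ValueError("unknown access management method: %s" % mode)
        self.ports[name] = Port(mode)

    def authenticated_users(self):
        return sum(len(p.authorized) for p in self.ports.values())

    def auth_result(self, port_name, mac, accepted):
        """Record the authentication server's verdict for `mac`.

        Returns True if the device is authorized afterwards, False otherwise
        (rejected, or the switch-wide user table is already full).
        """
        port = self.ports[port_name]
        if not accepted:
            port.authorized.discard(mac)
            return False
        if mac in port.authorized:
            return True
        if self.authenticated_users() >= self.max_users:
            return False                          # table full: stay unauthorized
        port.authorized.add(mac)
        return True

    def logoff(self, port_name, mac):
        """EAPOL-Logoff or reauthentication failure: drop the authorization."""
        self.ports[port_name].authorized.discard(mac)

    def decide(self, port_name, frame):
        """Return the virtual port that carries `frame`: 'uncontrolled', 'controlled' or 'drop'."""
        port = self.ports[port_name]
        if frame.ethertype == EAPOL_ETHERTYPE:
            return "uncontrolled"                 # EAP traffic always passes, both directions
        if port.mode == "port-based":
            allowed = bool(port.authorized)       # one success opens the port for every MAC
        else:
            allowed = frame.src_mac in port.authorized
        return "controlled" if allowed else "drop"


def demo():
    """Constructed scenario: hosts A and B share one physical port, in both modes."""
    sw = Switch8021x()
    sw.add_port("eth1", "port-based")
    sw.add_port("eth2", "mac-based")
    data_a = Frame("00:11:22:33:44:aa", 0x0800)   # IPv4 data from host A
    data_b = Frame("00:11:22:33:44:bb", 0x0800)   # IPv4 data from host B
    eapol_b = Frame("00:11:22:33:44:bb", EAPOL_ETHERTYPE)
    results = {}
    for p in ("eth1", "eth2"):
        results[p, "before"] = sw.decide(p, data_a)
        sw.auth_result(p, data_a.src_mac, accepted=True)
        results[p, "a_after"] = sw.decide(p, data_a)
        results[p, "b_after"] = sw.decide(p, data_b)    # B never authenticated
        results[p, "b_eapol"] = sw.decide(p, eapol_b)
    return results


if __name__ == "__main__":
    for key, verdict in sorted(demo().items()):
        print(key, verdict)
```

Running `demo()` shows the security difference in one place: on the port-based port, host B's data is forwarded as soon as host A has authenticated, whereas on the MAC-based port B is dropped until it authenticates itself; B's EAPOL frames pass on both ports because they use the non-managed port.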
The ES4700 series supports a maximum of 4,000 authenticating users. It is recommended to keep the number of authenticating users under 2,000.
20.2 802.1x Configuration
20.2.1 802.1x Configuration Task Sequence
1. Enable IEEE 802.1x function
2. Access management unit property configuration
   1) Configure port authentication status
   2) Configure access management method for the port: MAC-based or port-based
   3) Configure expanded 802.1x function
3. User access devices related property configuration (optional)
4. RADIUS server related property configuration
   1) Configure RADIUS authentication key
   2) Configure RADIUS server
   3) Configure RADIUS service parameters
1. Enable 802.1x function