Accton Technology ES4626 Switch User Manual


 
The EAPOL protocol defined in 802.1x is used between the user access equipment (PC) and
the access control unit (access switch); the EAP protocol is also used between the access
control unit and the authentication server. Authentication data is encapsulated in EAP
messages, which are carried inside other higher-layer protocol messages, such as RADIUS,
so that they can reach the authentication server across a complex network.
Port-based network access control divides each port on which the equipment end provides
services to the customer end into two virtual ports: a controlled port and an uncontrolled
port. The uncontrolled port is always in a bi-directional link state and is used for
forwarding EAP messages. In the authorized state, the controlled port is in the link state
and is used for forwarding business messages; if the controlled port is not in the
authorized state, it is closed and no messages can be forwarded.
The Edge-Core switch acts as the access control unit in the 802.1x application
environment; the user access equipment is equipment running 802.1x customer-end software;
the authentication server generally resides in the operator's AAA center, and a RADIUS
server is used.
If several pieces of user access equipment are connected to one physical port, port-based
802.1x authentication cannot distinguish between them, which weakens the authentication
function. The Edge-Core switch implements MAC address based 802.1x authentication, which
performs better in terms of security and management. Each piece of user access equipment
under the same physical port can access the network if it passes authentication and cannot
access the network if it fails. Even when more than one terminal is connected to a
physical port of the access equipment, the Edge-Core switch can still authenticate and
manage each piece of user access equipment separately.
The maximum number of authenticated users of this Edge-Core switch is 4000. However,
it is recommended that the number of authenticated users not exceed 2000.
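The controlled/uncontrolled port split and the difference between port-based and MAC address based authentication described above can be modeled as follows. This is an added example, not code from the manual or the switch; the class and function names, the MAC addresses, and the rule that one successful authentication opens the whole port in port-based mode are assumptions of the model.

```python
# Added illustration: a toy model of an 802.1x authenticator port, not switch firmware.
import struct

ETH_P_EAPOL = 0x888E  # EtherType assigned to EAPOL by IEEE 802.1X
ETH_P_IPV4 = 0x0800   # stands in for ordinary "business" traffic

def eth_frame(src: str, ethertype: int, payload: bytes = b"") -> bytes:
    """Build a constructed, untagged Ethernet II frame (destination is a dummy MAC)."""
    return bytes(6) + bytes.fromhex(src.replace(":", "")) + struct.pack("!H", ethertype) + payload

class AuthenticatorPort:
    """One physical port split into an uncontrolled and a controlled virtual port."""
    def __init__(self, mode: str):
        if mode not in ("port", "mac"):
            raise ValueError("mode must be 'port' or 'mac'")
        self.mode = mode
        self.authorized = set()  # source MACs whose authentication succeeded

    def auth_result(self, mac: str, success: bool) -> None:
        """Record the verdict relayed from the authentication server."""
        (self.authorized.add if success else self.authorized.discard)(mac.lower())

    def admit(self, frame: bytes) -> str:
        if len(frame) < 14:
            return "drop"  # truncated header: never forward
        src = frame[6:12].hex(":")
        (ethertype,) = struct.unpack("!H", frame[12:14])
        if ethertype == ETH_P_EAPOL:
            return "uncontrolled"  # EAPOL always reaches the authenticator
        if self.mode == "port":
            # Assumed simplification: one success authorizes the whole physical port.
            return "forward" if self.authorized else "drop"
        return "forward" if src in self.authorized else "drop"

def scenario(mode: str) -> dict:
    """Hosts A and B share one port (constructed MACs); only A authenticates."""
    a, b = "02:00:00:00:00:0a", "02:00:00:00:00:0b"
    port = AuthenticatorPort(mode)
    before = port.admit(eth_frame(a, ETH_P_IPV4))
    port.auth_result(a, True)
    return {
        "a_before_auth": before,
        "a_data": port.admit(eth_frame(a, ETH_P_IPV4)),
        "b_data": port.admit(eth_frame(b, ETH_P_IPV4)),
        "b_eapol": port.admit(eth_frame(b, ETH_P_EAPOL)),
    }

if __name__ == "__main__":
    print({m: scenario(m) for m in ("port", "mac")})
```

In the model, the only result that differs between the two modes is `b_data`: the unauthenticated host's traffic is forwarded in port-based mode and dropped in MAC address based mode.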
8.2 802.1X Configuration
8.2.1 802.1X Configuration Task Sequence
1. Enable switch 802.1x function
2. Access control unit property configuration