Alloy Computer Products GSM-8T16SFP Switch User Manual


 
GSM Series User Manual
91
Alloy Computer Products Pty Ltd Copyright ©2006
3-15. 802.1x Configuration
The 802.1x port-based network access control provides a method to restrict users to access
network resources via authenticating user’s information. This restricts users from gaining access
to the network resources through an 802.1x-enabled port without authentication. Any user
wishing to access the network through a port under 802.1x control, must first input their account
name for authentication and then wait for the authorisation to complete before sending or
receiving any data from an 802.1x-enabled port.
Before the devices or end stations can access the network resources through the ports under
802.1x control, the devices or end stations connected to a controlled port send the authentication
request to the authenticator, the authenticator passes the request to the authentication server to
authenticate and verify the username and password, and the server then tells the authenticator if
the request has been granted access for that port.
According to IEEE802.1x, there are three components implemented. They are the Authenticator,
the Supplicant and the Authentication server.
Supplicant:
It is an entity being authenticated by an authenticator. It is used to communicate
with the Authenticator PAE (Port Access Entity) by exchanging the authentication
message when the Authenticator PAE requests it.
Authenticator:
The Authenticator controls the state of the port, authorized or unauthorized,
according to the result of the authentication message exchanged between it and
a supplicant PAE. The authenticator may request the supplicant to re-
authenticate itself at a configured time period. Once re-authentication to the
supplicant starts, the controlled port will stay in the authorised state until re-
authentication fails.
A port acting as an authenticator is thought to be two logical ports, a controlled
port and an uncontrolled port. A controlled port can only pass packets when the
authenticator PAE is authorised, otherwise, an uncontrolled port will
unconditionally pass the packets with the PAE group MAC address, which has a
value of 01-80-c2-00-00-03 and will not be forwarded by the MAC bridge, at any
time.
Authentication server:
A device that provides the authentication service, through EAP, to an
authenticator by using authentication credentials supplied by the supplicant to
determine if the supplicant is authorised to access the network resource.