DES-3010F/DES-3010FL/DES-3010G/DES-3016/DES-3018/DES-3026 Fast Ethernet Switch Manual
141
Authentication Server
The Authentication Server is a remote device that is connected to the same network as the Client and
Authenticator, must be running a RADIUS Server program and must be configured properly on the
Authenticator (Switch). Clients connected to a port on the Switch must be authenticated by the
Authentication Server (RADIUS) before attaining any services offered by the Switch on the LAN. The role
of the Authentication Server is to certify the identity of the Client attempting to access the network by
exchanging secure information between the RADIUS server and the Client through EAPOL packets and, in
turn, informs the Switch whether or not the Client is granted access to the LAN and/or switches services.
Figure 10- 6. The Authentication Server
Authenticator
The Authenticator (the Switch) is an intermediary between the Authentication Server and the Client. The
Authenticator server has two purposes when utilizing 802.1X. The first purpose is to request certification
information from the Client through EAPOL packets, which is the only information allowed to pass through
the Authenticator before access is granted to the Client. The second purpose of the Authenticator is to verify
the information gathered from the Client with the Authentication Server, and to then relay that information
back to the Client.
Three steps must be implemented on the Switch to properly configure the Authenticator.
1. The 802.1X State must be Enabled.
2. The 802.1X settings must be implemented by port.
3. A RADIUS server must be configured on the Switch.
Figure 10- 7. The Authenticator