Filter
Top Products
Overview of Security Methods
3-16 Accessing Local Management
3.4.2.2 802.1X Security Overview
The Enterasys Networks’ SmartSwitch 2200 Series modules support the following 802.1X and
EAP security and authentication features to:
• Authenticate hosts that are connected to dedicated switch ports.
• Authenticate based on single-user hosts. (If a host is a time-shared Unix or VMS system,
successful authentication by any user will allow all users access to the network.)
• Allow users to authenticate themselves by logging in with user names and passwords, token
cards, or other high-level identification. Thus, a system manager does not need to spend hours
setting low-level MAC address filters on every edge switch to simulate user-level access
controls.
• Divide system functionality between supplicants (user machines), authenticators, and
authentication servers. Authenticators reside in edge switches. They shuffle messages and tell
the switch when to grant or deny access, but do not validate logins. User validation is the job of
authentication servers. This separation of functions allows network managers to put
authentication servers on central servers.
• Use the 802.1X protocol to communicate between the authenticator and the supplicant. the
frame format using 802.1X incl;udes extra data fields within a LAN frame. Note that 802.1X
does not allowrouting.
• Use the 802.1X protocol to communicate between the authenticator and the authentication
server. The specific protocol that runs between these components (e.g., RADIUS-encapsulated
EAP) is not specified and is implementation-dependent.
Authentication Server Provides authentication service to an authenticator. This
service determines, by the credentials the supplicant
provides, whether a supplicant is authorized to access
services provided by the authenticator. The authentication
server can be co-located with an authenticator or can be
accessed remotely.
Supplicant The entity (user machine) that is trying to be authenticated
by an authenticator attached to the other end of that link.
Table 3-2 Authentication Terms and Abbreviations (Continued)
Term Definition