GE ML1200 Switch User Manual


 
CHAPTER 7: ACCESS USING RADIUS ACCESS USING RADIUS
MULTILINK ML1200 MANAGED FIELD SWITCH – INSTRUCTION MANUAL 7–3
10. If the supplicant does not have the necessary credentials, a RADIUS-Access-
Deny packet is relayed to the supplicant as an EAP-Failure frame. The access
to the network continues to be blocked.
FIGURE 7–2: 802.1x authentication details
The ML1200 software implements the 802.1x authenticator. It fully conforms to the
standards as described in IEEE 802.1x, implementing all the state machines needed for
port-based authentication. The ML1200 software authenticator supports both EAPOL and
EAP over RADIUS to communicate to a standard 802.1x supplicant and RADIUS
authentication server.
The ML1200 software authenticator has the following characteristics:
Allows control on ports using STP-based hardware functions. EAPOL frames are
Spanning Tree Protocol (STP) link Bridge PDUs (BPDU) with its own bridge multicast
address.
Relays MD5 challenge (although not limited to) authentication protocol to RADIUS
server
Limits the authentication of a single host per port
The MultiLink ML1200 Managed Field Switch provides the IEEE 802.1x MIB for SNMP
management