CHAPTER 7: ACCESS USING RADIUS ACCESS USING RADIUS
MULTILINK ML1200 MANAGED FIELD SWITCH – INSTRUCTION MANUAL 7–3
10. If the supplicant does not have the necessary credentials, a RADIUS-Access-
Deny packet is relayed to the supplicant as an EAP-Failure frame. The access
to the network continues to be blocked.
FIGURE 7–2: 802.1x authentication details
The ML1200 software implements the 802.1x authenticator. It fully conforms to the
standards as described in IEEE 802.1x, implementing all the state machines needed for
port-based authentication. The ML1200 software authenticator supports both EAPOL and
EAP over RADIUS to communicate to a standard 802.1x supplicant and RADIUS
authentication server.
The ML1200 software authenticator has the following characteristics:
• Allows control on ports using STP-based hardware functions. EAPOL frames are
Spanning Tree Protocol (STP) link Bridge PDUs (BPDU) with its own bridge multicast
address.
• Relays MD5 challenge (although not limited to) authentication protocol to RADIUS
server
• Limits the authentication of a single host per port
• The MultiLink ML1200 Managed Field Switch provides the IEEE 802.1x MIB for SNMP
management