GE ML2400 Switch User Manual

Multilink ML2400
Ethernet Communications Switch
Chapter 7: Access Using RADIUS
GE Consumer & Industrial
Access Using RADIUS
7.1 Introduction to 802.1x
7.1.1 Description
The TACACS+ protocol is the latest generation of TACACS. TACACS is a simple UDP (User
Datagram Protocol) based access control protocol originally developed by BBN for the
MILNET (Military Network). Later the enhancements were called TACACS+. TACACS+ is a TCP
(Transmission Control Protocol) based access control protocol. TCP offers a connection-
oriented transport, while UDP offers best-effort delivery making the access authentication
Remote Authentication Dial-In User Service or RADIUS is a server that has been
traditionally used by many Internet Service Providers (ISP) as well as Enterprises to
authenticate dial in users. Today, many businesses use the RADIUS server for
authenticating users connecting into a network. For example, if a user connects PC into
the network, whether the PC should be allowed access or not provides the same issues as
to whether or not a dial in user should be allowed access into the network or not. A user
has to provide a user name and password for authenticated access. A RADIUS server is
well suited for controlling access into a network by managing the users who can access
the network on a RADIUS server. Interacting with the server and taking corrective action(s)
is not possible on all switches. This capability is provided on the MultiLink family of
RADIUS servers and its uses are also described by one or more RFCs.
7.1.2 802.1x Protocol
There are three major components of 802.1x: - Supplicant, Authenticator and
Authentication Server (RADIUS Server). In the figure below, the PC acts as the supplicant.
The supplicant is an entity being authenticated and desiring access to the services. The
switch is the authenticator. The authenticator enforces authentication before allowing