Intel IXM5414E Switch User Manual


 
36 Intel® Blade Server Ethernet Switch Module IXM5414E
A controlled port is configured by management to be in one of three states:
ForceUnauthorized
The port is set to the unauthorized state.
ForceAuthorized
The port is set to the authorized state.
Auto The port’s state will be set based on the outcome of authentication exchanges
between the Supplicant, Authenticator and the Authentication server. This is the
default port state when port-based access control is enabled.
Local authentication
Local authentication matches a user ID/password combination received from the supplicant to the
switch module’s local database. The switch module will transmit an EAP-Request/Identity packet to
the supplicant to obtain the combination, and if a match is found will then send an EAP-
Request/MD5 packet to the supplicant. The supplicant’s MD5 response is sent to the authenticator
for validation. A match results in a successful authentication of the port.
/ NOTE
The switch module’s Authenticator supports only the EAP-MD5 authentication type for local
authentication.
RADIUS authentication
When Remote Authentication Dial-In User Service (RADIUS) authentication is used, the
authenticator basically becomes a pass through to facilitate communication between the supplicant
and the RADIUS server. The authenticator encapsulates the EAP messages exchanged between the
supplicant and the server in either EAPoL or RADIUS frames (depending on the direction of the
frame). The authenticator determines the authorization status of the port based on RADIUS Access-
Accept or Access-Reject frames. The authenticator switch also needs to send and process all
appropriate RADIUS attributes.
Secure Shell (SSH)
Interactive login is widely used as a means to control and/or configure an entity across a network.
For decades the Telnet protocol, and its cousin rlogin, have provided this capability. However, these
protocols permit the transmission of sensitive information over unprotected networks. The current
standard for providing interactive login in a secure fashion is the Secure SHell (SSH).
Table 2. Secure Shell Feature Details
SSH Feature Component Type
Connection Type Interactive Login
Authentication Method Password
Ciphers 3DES-CBC
Blowfish-CBC
Twofish128-CBC
AES128-CBC