KTI Networks KGS-2416 Switch User Manual


 
User Manual
Publication date: January, 2006
Revision A2
117
8. If user ID and password is correct, the authentication server will
send a Radius-Access-Accept to the authenticator. If not correct,
the authentication server will send a Radius-Access-Reject.
9. When the authenticator PAE receives a Radius-Access-Accept, it
will send an EAP-Success to the supplicant. At this time, the
supplicant is authorized and the port connected to the supplicant
and under 802.1X control is in the authorized state. The supplicant
and other devices connected to this port can access the network. If
the authenticator receives a Radius-Access-Reject, it will send an
EAP-Failure to the supplicant. This means the supplicant is failed to
authenticate. The port it connected is in the unauthorized state, the
supplicant and the devices connected to this port won’t be allowed
to access the network.
10. When the supplicant issue an EAP-Logoff message to
Authentication server, the port you are using is set to be
unauthorized.
Fig. 3-55
A
ccess allowed
PC
LAN
Bridge
Radius Serve
r
A
ccess blocked
Port connect
Radius-Access-Challenge
Radius-Access-
A
ccep
t
Radius-Access-Request
Radius-Access-Request
E
APOL-
S
tar
t
EAP-Response/Identity
EAP-Response (cred)
EAP-Request/Identity
EAP-Request
EAP-Success
EAP-Failure
E
APOL
E
A
P
A
uthenticato
r
R
adiu
s
EAP-Logof
f