User's manual

4. Web Management in SNMP-GSH2404L
AirLive SNMP-GSH2404L User’s Manual
Before devices or end stations can access network resources through ports
under 802.1x control, the device or end station connected to a controlled port sends an
authentication request to the authenticator. The authenticator passes the request to the
authentication server for verification, and the server tells the authenticator whether the
request is granted authorization for the port.
According to IEEE 802.1x, three components are implemented: the
Authenticator, the Supplicant and the Authentication server, shown in the figure below.
Supplicant:
An entity being authenticated by an authenticator. It communicates
with the Authenticator PAE (Port Access Entity) by exchanging authentication
messages when the Authenticator PAE requests it.
Authenticator:
An entity that facilitates the authentication of the supplicant entity. It controls the
state of the port, authorized or unauthorized, according to the result of the
authentication messages exchanged between it and a supplicant PAE. The authenticator
may request the supplicant to re-authenticate itself at a configured time period. Once
re-authentication of the supplicant starts, the controlled port remains in the authorized
state until re-authentication fails.
A port acting as an authenticator is treated as two logical ports, a controlled
port and an uncontrolled port. The controlled port can pass packets only when
the authenticator PAE is authorized, whereas the uncontrolled port
unconditionally passes, at any time, packets with the PAE group MAC address, which
has the value 01-80-c2-00-00-03 and is not forwarded by a MAC bridge.
Authentication server:
A device that provides authentication service, through EAP, to an authenticator,
using the authentication credentials supplied by the supplicant to determine whether
the supplicant is authorized to access the network resource.
The operation flow is simple. When the Supplicant PAE issues a
request to the Authenticator PAE, the Authenticator and the Supplicant exchange
authentication messages. The Authenticator then passes the request to the RADIUS
server for verification. Finally, the RADIUS server replies whether the request is
granted or denied.
During the authentication process, the message packets, encapsulated in
Extensible Authentication Protocol over LAN (EAPOL), are exchanged between
an authenticator PAE and a supplicant PAE. The Authenticator exchanges the
messages with the authentication server using EAP encapsulation. Before it has
authenticated successfully, the supplicant can only reach the authenticator to
exchange authentication messages, or access the network through the uncontrolled
port.
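The controlled/uncontrolled port split and the EAPOL encapsulation described above can be modeled as follows. This is an added example, not code from the manual or the switch firmware: the function names, source MAC and identity "alice" are constructed, and the EtherType 0x888E and the type/code numbers are taken from the IEEE 802.1X and EAP standards rather than from this page.

```python
import struct

PAE_GROUP_MAC = bytes.fromhex("0180c2000003")  # PAE group address quoted in the manual
ETHERTYPE_EAPOL = 0x888E                       # EtherType that IEEE 802.1X assigns to EAPOL
EAPOL_TYPES = {0: "EAP-Packet", 1: "EAPOL-Start", 2: "EAPOL-Logoff", 3: "EAPOL-Key"}
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}


def parse_eapol(frame: bytes):
    """Return a summary dict for a well-formed EAPOL frame, else None."""
    if len(frame) < 18:                        # 14-byte Ethernet header + 4-byte EAPOL header
        return None
    dst, _src, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != ETHERTYPE_EAPOL:
        return None
    version, ptype, body_len = struct.unpack("!BBH", frame[14:18])
    body = frame[18:18 + body_len]             # anything after body_len is Ethernet padding
    if len(body) != body_len:                  # declared length exceeds the frame: reject
        return None
    info = {"to_pae_group": dst == PAE_GROUP_MAC, "version": version,
            "type": EAPOL_TYPES.get(ptype, "unknown"), "eap_code": None}
    if ptype == 0:                             # EAP-Packet: body carries an EAP header
        if body_len < 4:
            return None
        code, _ident, eap_len = struct.unpack("!BBH", body[:4])
        if not 4 <= eap_len <= body_len:
            return None
        info["eap_code"] = EAP_CODES.get(code, "unknown")
    return info


def port_admits(frame: bytes, authorized: bool) -> bool:
    """Authorized: controlled port passes all. Otherwise only EAPOL to the PAE group passes."""
    if authorized:
        return True
    info = parse_eapol(frame)
    return info is not None and info["to_pae_group"]


def make_frame(dst: bytes, ethertype: int, payload: bytes) -> bytes:
    """Build a constructed sample frame (hypothetical source MAC), padded to 60 bytes."""
    src = bytes.fromhex("020000000001")
    return (dst + src + struct.pack("!H", ethertype) + payload).ljust(60, b"\x00")

# Constructed samples: EAPOL-Start, EAP-Response/Identity "alice", and plain IPv4 traffic.
START = make_frame(PAE_GROUP_MAC, ETHERTYPE_EAPOL, struct.pack("!BBH", 1, 1, 0))
EAP_IDENTITY = struct.pack("!BBHB", 2, 1, 10, 1) + b"alice"
IDENTITY = make_frame(PAE_GROUP_MAC, ETHERTYPE_EAPOL, struct.pack("!BBH", 1, 0, 10) + EAP_IDENTITY)
IPV4 = make_frame(bytes.fromhex("ffffffffffff"), 0x0800, b"\x45" + b"\x00" * 19)
```

With `authorized=False` only the two EAPOL samples pass, while the IPv4 frame is admitted only after the port state changes to authorized.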