Manualshelf

API Guide

ManualsBrandsDell ManualsAccess PlatformsEMC Networking MX9116n
391392393394395396397398399400
The authentication process involves three devices:
Supplicant The device attempting to access the network performs the role of supplicant. Regular traffic from this
device does not reach the network until the port associated to the device is authorized. Before that, the supplicant can only
exchange 802.1x messages (EAPOL frames) with the authenticator.
Authenticator The authenticator is the gate keeper of the network, translating and forwarding requests and responses
between the authentication server and the supplicant. The authenticator also changes the status of the port based on the
results of the authentication process. The authenticator executes on the Dell EMC device.
Authentication-server The authentication-server selects the authentication method, verifies the information the
supplicant provides, and grants network access privileges.
Port authentication
The process begins when the authenticator senses a link status change from down to up:
1. The authenticator requests that the supplicant identify itself using an EAP Request Identity frame.
2. The supplicant responds with its identity in an EAP Response Identity frame.
3. The authenticator decapsulates the EAP response from the EAPOL frame, encapsulates it in a RADIUS Access Request
frame, and forwards the frame to the authentication server.
4. The authentication server replies with an Access Challenge frame who requests that the supplicant verifies its identity using
an EAP-Method. The authenticator translates and forwards the challenge to the supplicant.
5. The supplicant negotiates the authentication method and provides the EAP Request information in an EAP Response.
Another Access Request frame translates and forwards the response to the authentication server.
6. If the identity information the supplicant provides is valid, the authentication server sends an Access Accept frame that
specify the network privileges. The authenticator changes the port state to authorize and forwards an EAP Success frame. If
the identity information is invalid, the server sends an Access Reject frame. If the port state remains unauthorized, the
authenticator forwards an EAP Failure frame.
Layer 2
399