3Com Switch 4200G Configuration Guide

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve 8116fl Redundant Switch Fabric Module

161

162

163

164

165

166

167

168

169

170

802.1X CONFIGURATION

Introduction to 802.1x The 802.1x protocol (802.1x for short) was developed by IEEE802 LAN/WAN

committee to address security issues of wireless LANs. It was then used in Ethernet as

a common access control mechanism for LAN ports to address mainly authentication

and security problems.

802.1x is a port-based network access control protocol. It authenticates and controls

devices requesting for access in terms of the ports of LAN access control devices. With

the 802.1x protocol employed, a user-side device can access the LAN only when it

passes the authentication. Those failing to pass the authentication are denied when

accessing the LAN, as if they are disconnected from the LAN.

Architecture of 802.1x

Authentication

802.1x adopts a client/server architecture with three entities: a supplicant system, an

authenticator system, and an authentication server system, as shown in Figure 43.

Figure 43 Architecture of 802.1x authentication

■ The supplicant system is an entity residing at one end of the LAN segment and is

authenticated by the authenticator system connected to the other end of the LAN

segment. The supplicant system is usually a user terminal device. An 802.1x

authentication is initiated when a user launches client program on the supplicant

system. Note that the client program must support the EAPoL (extensible

authentication protocol over LANs).

■ The authenticator system authenticates the supplicant system. The authenticator

system is usually an 802.1x-supported network device (such as a S4200G series

switch). It provides the port (physical or logical) for the supplicant system to access

the LAN.

■ The authentication server system is an entity that provides authentication service

to the authenticator system. Normally in the form of a RADIUS server, the

authentication server system serves to perform AAA (authentication,

authorization, and accounting) . It also stores user information, such as user name,

password, the VLAN a user belongs to, priority, and the ACLs (access control list)

applied.

Supplicant PAE

Supplicant system

Authentication

server

Authentication

server system

Services provided by

aut henticator

Authenticator PAE

Authenticator system

Port under

control

Port not authorized

Por t not

Under

control

LAN/WLAN

Supplicant PAE

Supplicant system

Authentication

server

Authentication

server system

Services provided by

aut henticator

Authenticator PAE

Authenticator system

Controlled port

Port not authorized

Uncontrolled

port

LAN/WLAN

Supplicant PAE

Supplicant system

Authentication

server

Authentication

server system

Services provided by

aut henticator

Authenticator PAE

Authenticator system

Port under

control

Port not authorized

Por t not

Under

control

LAN/WLAN

Supplicant PAE

Supplicant system

Authentication

server

Authentication

server system

Services provided by

aut henticator

Authenticator PAE

Authenticator system

Controlled port

Port not authorized

Uncontrolled

port

LAN/WLAN