3Com Switch 7750 Configuration Guide

46 802.1X CONFIGURATION
Introduction to 802.1x

The 802.1x protocol (802.1x for short) was developed by the IEEE 802 LAN/WAN
committee to address security issues of wireless LANs. It was then used in Ethernet
as a common access control mechanism for LAN ports, mainly to address
authentication and security problems.
802.1x is a port-based network access control protocol. It authenticates and
controls devices requesting access at the ports of LAN access control
devices. With the 802.1x protocol employed, a user-side device can access the LAN
only when it passes authentication. Devices that fail authentication
are denied access to the LAN, as if they were disconnected from it.
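The port-based control described above can be modelled in a few lines. This is an added example, not code from the 3Com guide: it assumes the EAPoL EtherType (0x888E), the 4-byte EAPoL header and the PAE group address as defined in IEEE 802.1X, and `AuthenticatorPort`, `parse_eapol`, `eth` and the sample frames are hypothetical names and constructed data.

```python
import struct

EAPOL_ETHERTYPE = 0x888E  # assumption from IEEE 802.1X, not stated in this guide
EAPOL_TYPES = {0: "EAP-Packet", 1: "EAPOL-Start", 2: "EAPOL-Logoff", 3: "EAPOL-Key"}

def parse_eapol(frame: bytes):
    """Return (version, type_name, body) for an EAPoL frame, or None otherwise."""
    # 14-byte Ethernet header + 4-byte EAPoL header (version, type, body length)
    if len(frame) < 18 or struct.unpack_from("!H", frame, 12)[0] != EAPOL_ETHERTYPE:
        return None
    version, ptype, length = struct.unpack_from("!BBH", frame, 14)
    body = frame[18:18 + length]  # slicing ignores any Ethernet padding
    if len(body) != length:       # truncated: body shorter than declared
        return None
    return version, EAPOL_TYPES.get(ptype, f"unknown({ptype})"), body

class AuthenticatorPort:
    """Hypothetical model of one 802.1x-enabled switch port."""
    def __init__(self):
        self.authorized = False   # port starts closed to data traffic

    def receive(self, frame: bytes) -> str:
        eapol = parse_eapol(frame)
        if eapol is not None:
            if eapol[1] == "EAPOL-Logoff":
                self.authorized = False
            return "to-pae"       # authentication traffic always reaches the PAE
        # Everything else passes only after successful authentication
        return "forward" if self.authorized else "drop"

    def auth_result(self, success: bool) -> None:  # decision from the authentication server
        self.authorized = success

def eth(ethertype: int, payload: bytes) -> bytes:
    """Build a constructed sample frame: dst MAC, src MAC, EtherType, payload."""
    dst = bytes.fromhex("0180c2000003")  # PAE group address (IEEE 802.1X)
    src = bytes.fromhex("020000000001")  # constructed locally administered MAC
    return dst + src + struct.pack("!H", ethertype) + payload

# Constructed sample frames
EAPOL_START = eth(EAPOL_ETHERTYPE, struct.pack("!BBH", 1, 1, 0))
EAPOL_LOGOFF = eth(EAPOL_ETHERTYPE, struct.pack("!BBH", 1, 2, 0))
IPV4_DATA = eth(0x0800, b"\x45" + b"\x00" * 19)

def demo():
    port = AuthenticatorPort()
    seen = [port.receive(IPV4_DATA), port.receive(EAPOL_START)]
    port.auth_result(True)
    seen += [port.receive(IPV4_DATA), port.receive(EAPOL_LOGOFF), port.receive(IPV4_DATA)]
    return seen
```

Data frames are dropped before authentication and again after a logoff, while EAPoL frames reach the PAE in every state.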
Architecture of 802.1x Authentication

802.1x adopts a client/server architecture with three entities: a supplicant system,
an authenticator system, and an authentication server system, as shown in
Figure 112.
Figure 112 Architecture of 802.1x authentication
The supplicant system is an entity residing at one end of the LAN segment and
is authenticated by the authenticator system connected to the other end of the
LAN segment. The supplicant system is usually a user terminal device.
802.1x authentication is initiated when a user launches the client program on the
supplicant system. Note that the client program must support EAPoL
(Extensible Authentication Protocol over LANs).

The authenticator system authenticates the supplicant system. The
authenticator system is usually an 802.1x-supported network device (such as a
Switch 7750). It provides the port (physical or logical) for the supplicant system
to access the LAN.
[Figure 112 labels: Supplicant system (Supplicant PAE); Authenticator system (Authenticator PAE, services provided by authenticator, controlled port, uncontrolled port, port not authorized); Authentication server system (Authentication server); LAN/WLAN]