3Com Switch 8800 Advanced Software V5 Configuration Guide

802.1x Overview
Control direction
In the unauthorized state, the controlled port can be set to deny traffic to and
from the supplicant or just the traffic from the supplicant.
Note: Currently, the Switch 8800 supports only denying the traffic from the supplicant.
Operation of 802.1x
The 802.1x authentication system employs the extensible authentication protocol
(EAP) to support authentication information exchange between the supplicant
PAE, authenticator PAE, and authentication server.
Figure 266 Operation of 802.1x
Between the supplicant PAE and authenticator PAE, EAP protocol packets are
encapsulated using EAPOL and transferred over the LAN.
Between the authenticator PAE and authentication server, EAP protocol packets
can be handled in two modes: EAP relay and EAP termination. In EAP relay
mode, EAP protocol packets are encapsulated using the EAP attributes of
RADIUS (remote authentication dial-in user service) and then relayed to the
RADIUS server. In EAP termination mode, EAP protocol packets are terminated
at the authenticator PAE, repackaged in the password authentication protocol
(PAP) or challenge handshake authentication protocol (CHAP) attributes of
RADIUS packets, and then transferred to the RADIUS server.
The authentication server is usually a RADIUS server. It maintains information
about users, such as the username, password, VLAN to which the user belongs,
CAR parameters, priority level, and ACL.
After a user passes the authentication, the authentication server passes
information about the user to the authenticator, which controls the status of
the controlled port according to the instruction of the authentication server.
EAP Encapsulation over LANs
EAPOL frame format
EAPOL, defined by 802.1x, is intended to carry EAP protocol packets between
supplicants and authenticators over LANs.
Figure 267 shows the EAPOL frame
format.
Figure 267 EAPOL frame format
PAE Ethernet type: Protocol type. It takes the value 0x888E.
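[Figure 266 labels: Supplicant system (PAE), Authenticator system (PAE), Authentication server system; links labeled EAPOL and RADIUS]
[Figure 267 fields: PAE Ethernet type, Protocol version, Type, Length, Packet body; bit scale 0, 7, 15; byte offsets 2, 4, 6, N]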
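A parser for the EAPOL frame layout described above, as an added example that is not part of the 3Com guide. The Type values, the EAP header fields and the PAE group address are taken from IEEE 802.1X and RFC 3748 rather than from this section, and the sample frames are constructed.

```python
import struct

ETH_P_PAE = 0x888E  # PAE Ethernet type, as stated above
# EAPOL Type values from IEEE 802.1X (not listed in this section)
EAPOL_TYPES = {0: "EAP-Packet", 1: "EAPOL-Start", 2: "EAPOL-Logoff",
               3: "EAPOL-Key", 4: "EAPOL-Encapsulated-ASF-Alert"}
# EAP Code values from RFC 3748
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}


def parse_eapol(frame: bytes) -> dict:
    """Parse an untagged Ethernet II frame carrying EAPOL; raise ValueError if malformed."""
    if len(frame) < 18:  # 14-byte Ethernet header + 4-byte EAPOL header
        raise ValueError("frame too short for an EAPOL header")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != ETH_P_PAE:
        raise ValueError(f"not EAPOL: EtherType 0x{ethertype:04X}")
    version, ptype, length = struct.unpack("!BBH", frame[14:18])
    body = frame[18:18 + length]  # bytes past Length are Ethernet padding
    if len(body) != length:
        raise ValueError("Length field exceeds the bytes actually present")
    out = {"src": src.hex(":"), "dst": dst.hex(":"), "version": version,
           "type": EAPOL_TYPES.get(ptype, f"unknown({ptype})"),
           "length": length, "body": body}
    if ptype == 0:  # body is an EAP packet: Code, Identifier, Length
        if length < 4:
            raise ValueError("EAP-Packet body shorter than the EAP header")
        code, ident, eap_len = struct.unpack("!BBH", body[:4])
        if eap_len < 4 or eap_len > length:
            raise ValueError("EAP Length inconsistent with EAPOL Length")
        out["eap"] = {"code": EAP_CODES.get(code, f"unknown({code})"),
                      "id": ident, "length": eap_len}
    return out


# Constructed sample frames (not captured traffic).
PAE_GROUP = bytes.fromhex("0180c2000003")   # PAE group address from IEEE 802.1X
SUPPLICANT = bytes.fromhex("020000000001")  # constructed locally administered MAC
HDR = PAE_GROUP + SUPPLICANT + struct.pack("!H", ETH_P_PAE)
START = HDR + bytes([1, 1, 0, 0]) + bytes(42)  # EAPOL-Start, padded to 60 bytes
RESP_ID = HDR + bytes([1, 0, 0, 8]) + bytes([2, 1, 0, 8, 1]) + b"bob"  # EAP Response/Identity
TRUNCATED = HDR + bytes([1, 0, 0, 64]) + bytes([2, 1, 0, 8])  # Length claims 64, 4 present

if __name__ == "__main__":
    for f in (START, RESP_ID):
        print(parse_eapol(f))
```
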