User manual
Chapter 18 Port Authentication
GS2210 Series User’s Guide
164
RADIUS is a simple package exchange in which your switch acts as a message relay between the wired
client and the network RADIUS server.
18.5.2.1 Types of RADIUS Messages
The following types of RADIUS messages are exchanged between the switch and the RADIUS server for
user authentication:
• Access-Request
Sent by an switch requesting authentication.
• Access-Reject
Sent by a RADIUS server rejecting access.
• Access-Accept
Sent by a RADIUS server allowing access.
• Access-Challenge
Sent by a RADIUS server requesting more information in order to allow access. The switch sends a proper
response from the user and then sends another Access-Request message.
The following types of RADIUS messages are exchanged between the switch and the RADIUS server for
user accounting:
• Accounting-Request
Sent by the switch requesting accounting.
• Accounting-Response
Sent by the RADIUS server to indicate that it has started or stopped accounting.
In order to ensure network security, the switch and the RADIUS server use a shared secret key, which is a
password, they both know. The key is not sent over the network. In addition to the shared key, password
information exchanged is also encrypted to protect the network from unauthorized access.
18.5.3 EAP (Extensible Authentication Protocol) Authentication
This section discusses some popular authentication types: EAP-MD5, EAP-TLS, EAP-TTLS, PEAP and LEAP.
Your wired LAN device may not support all authentication types.
EAP (Extensible Authentication Protocol) is an authentication protocol that runs on top of the IEEE 802.1x
transport mechanism in order to support multiple types of user authentication. By using EAP to interact
with an EAP-compatible RADIUS server, an switch helps a wired station and a RADIUS server perform
authentication.
The type of authentication you use depends on the RADIUS server and an intermediary switch(es) that
supports IEEE 802.1x.