Table of Contents
Advertisement
•
Authenticator—software with the sole purpose of authorizing a supplicant
that is attached to the other end of a LAN segment.
•
Authentication Server—a RADIUS server that provides authorization services
to the Authenticator.
•
Port Access Entity (PAE)—a software entity associated with each port that
supports the Authenticator or Supplicant functionality. In the preceding
example, the Authenticator PAE resides on the switch.
•
Controlled Port—any switch port with EAPOL-based security enabled.
The Authenticator communicates with the Supplicant using an encapsulation
mechanism known as EAP over LANs (EAPOL).
The Authenticator PAE encapsulates the EAP message into a RADIUS packet
before sending the packet to the Authentication Server. The Authenticator
facilitates the authentication exchanges that occur between the Supplicant and the
Authentication Server by encapsulating the EAP message to make it suitable for
the packet's destination.
The Authenticator determines the controlled port's operational state. After the
RADIUS server notifies the Authenticator PAE about the success or failure of the
authentication, it changes the controlled port's operational state accordingly.
The Authenticator PAE functionality is implemented for each controlled port on
the switch. At system initialization, or when a supplicant is initially connected to
the switch's controlled port, the controlled port's state is set to Blocking. During
that time, EAP packets are processed by the authenticator.
When the Authentication server returns a "success" or "failure" message, the
controlled port's state is changed accordingly. If the authorization is successful,
the controlled port's operational state is set to Forwarding. Otherwise, the
controlled port's state depends on the Operational Traffic Control field value in
the EAPOL Security Configuration screen.
The Operational Traffic Control field can have one of the following two values:
•
Incoming and Outgoing—If the controlled port is unauthorized, frames are
not transmitted through the port; all frames received on the controlled port are
discarded. The controlled port's state is set to Blocking.
•
Incoming—If the controlled port is unauthorized, frames received on the port
are discarded, but the transmit frames are forwarded through the port.
Chapter 1 The Business Policy Switch 2000 81
Using the Business Policy Switch 2000 Version 2.0
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
