Extensible Authentication Protocol Over Lan - IBM RackSwitch G8000 Application Manual
A top-of-rack (tor) switch
Hide thumbs
Also See for RackSwitch G8000:
- Manual (18 pages) ,
- Manual (14 pages) ,
- Installation manual (86 pages)
Table of Contents
Advertisement
Extensible Authentication Protocol over LAN
72
RackSwitch G8000: Application Guide
IBM Networking OS can provide user-level security for its ports using the IEEE
802.1X protocol, which is a more secure alternative to other methods of port-based
network access control. Any device attached to an 802.1X-enabled port that fails
authentication is prevented access to the network and denied services offered
through that port.
The 802.1X standard describes port-based network access control using Extensible
Authentication Protocol over LAN (EAPoL). EAPoL provides a means of
authenticating and authorizing devices attached to a LAN port that has
point-to-point connection characteristics and of preventing access to that port in
cases of authentication and authorization failures.
EAPoL is a client-server protocol that has the following components:
•
Supplicant or Client
The Supplicant is a device that requests network access and provides the
required credentials (user name and password) to the Authenticator and the
Authenticator Server.
•
Authenticator
The Authenticator enforces authentication and controls access to the network.
The Authenticator grants network access based on the information provided by
the Supplicant and the response from the Authentication Server. The
Authenticator acts as an intermediary between the Supplicant and the
Authentication Server: requesting identity information from the client, forwarding
that information to the Authentication Server for validation, relaying the server's
responses to the client, and authorizing network access based on the results of
the authentication exchange. The G8000 acts as an Authenticator.
•
Authentication Server
The Authentication Server validates the credentials provided by the Supplicant to
determine if the Authenticator ought to grant access to the network. The
Authentication Server may be co-located with the Authenticator. The G8000
relies on external RADIUS servers for authentication.
Upon a successful authentication of the client by the server, the 802.1X-controlled
port transitions from unauthorized to authorized state, and the client is allowed full
access to services through the port. When the client sends an EAP-Logoff message
to the authenticator, the port will transition from authorized to unauthorized state.
Advertisement
Table of Contents
Troubleshooting
