Ieee 802.1X; Radius - ZyXEL Communications XS3800-28 User Manual

85.6.1 IEEE 802.1x

The IEEE 802.1x is a standard for authentication as well as providing additional accounting and control
features. It can be implemented both on wired and wireless networks. It is supported by Windows XP and
a number of network devices. Some advantages of IEEE 802.1x are:
• User based identification
• Support for RADIUS (Remote Authentication Dial In User Service, RFC 2138, 2139) for centralized user
profile and accounting management on a network RADIUS server.
• Support for EAP (Extensible Authentication Protocol, RFC 2486) that allows additional authentication
methods to be deployed with no changes to the switch or the wired clients.

85.6.2 RADIUS

RADIUS is based on a client-server model that supports authentication, authorization and accounting.
The RADIUS server handles the following tasks:
• Authentication
Determines the identity of the users.
• Authorization
Determines the network services available to authenticated users once they are connected to the
network.
• Accounting
Keeps track of the actions that are perform on the switch, such as login events.
RADIUS is a simple package exchange in which your switch acts as a message relay between the wired
client and the network RADIUS server.
85.6.2.1 Types of RADIUS Messages
The following types of RADIUS messages are exchanged between the switch and the RADIUS server for
user authentication:
• Access-Request
Sent by a switch requesting authentication.
• Access-Reject
Sent by a RADIUS server rejecting access.
• Access-Accept
Sent by a RADIUS server allowing access.
• Access-Challenge
Sent by a RADIUS server requesting more information in order to allow access. The switch sends a proper
response from the user and then sends another Access-Request message.
Chapter 85 Port Authentication
XS3800-28 User's Guide
654