Configuration; IEEE 802.1X Overview; System Architecture - 3Com 5500-SI Configuration Manual

21 802.1X CONFIGURATION
This chapter covers the following topics:
IEEE 802.1x Overview
Configuring 802.1x
Centralized MAC Address Authentication
AAA and RADIUS Protocol Configuration
For information on setting up a RADIUS server and RADIUS client, refer to Appendix B.
For details on how to authenticate the Switch 5500 with a Cisco Secure ACS server
with TACACS+, refer to Appendix C.

IEEE 802.1x Overview
IEEE 802.1x (hereinafter simplified as 802.1x) is a port-based network access control
protocol that is used as the standard for LAN user access authentication.
In LANs that comply with the IEEE 802 standards, a user can access the devices
and share the resources in the LAN by connecting to a LAN access control device
such as a LAN Switch. However, in telecom access, commercial LANs (a typical example
is the LAN in an office building), mobile offices and similar environments, LAN
providers generally want to control user access. The requirement for
"Port Based Network Access Control" originates in these cases.
As the name implies, "Port Based Network Access Control" means authenticating
and controlling all accessing devices at the port of the LAN access control device. If
the user's device connected to the port passes authentication, the user can access
the resources in the LAN. Otherwise, the user cannot access the resources in the LAN,
which is equivalent to the user being physically disconnected.
802.1x defines a port-based network access control protocol, and defines only the
point-to-point connection between the access device and the access port. The port
can be either physical or logical. The typical application environments are a LAN
Switch on which each physical port connects to only one user workstation (based on
the physical port) and the wireless LAN access environment defined by the IEEE
802.11 standard (based on the logical port).

802.1x System Architecture
A system using 802.1x has a typical C/S (Client/Server) architecture. It
contains three entities, which are illustrated in Figure 104: Supplicant System (User),
Authenticator System and Authentication Server System.
The LAN access control device must provide the Authenticator System of 802.1x.
User-side devices such as computers must have 802.1x client (Supplicant) software
installed, for example, the 802.1x client provided by 3Com (or by Microsoft
Windows XP). The 802.1x Authentication Server system normally resides in the
carrier's AAA center.
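
The port behaviour described above, as an added example that is not part of the 3Com manual: a model of one Authenticator port that drops user traffic until the Authentication Server accepts the Supplicant. The EAPOL EtherType 0x888E, the EAPOL type and EAP code values, and the rule that EAPOL frames are handled even on an unauthorized port come from IEEE 802.1X, not from this page; AuthenticatorPort, eth and the sample frames are hypothetical names and constructed data.

```python
import struct

EAPOL_ETHERTYPE = 0x888E  # EtherType carried by 802.1X (EAPOL) frames
EAPOL_TYPES = {0: "EAP-Packet", 1: "EAPOL-Start", 2: "EAPOL-Logoff", 3: "EAPOL-Key"}
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}

def ethertype(frame):
    """EtherType of an untagged Ethernet II frame, or None if too short."""
    return struct.unpack("!H", frame[12:14])[0] if len(frame) >= 14 else None

def parse_eapol(frame):
    """Decode the EAPOL header (and EAP code, if any); None when malformed."""
    if ethertype(frame) != EAPOL_ETHERTYPE or len(frame) < 18:
        return None
    _version, ptype, length = struct.unpack("!BBH", frame[14:18])
    body = frame[18:18 + length]
    if len(body) < length:
        return None  # declared body length exceeds the bytes present
    info = {"type": EAPOL_TYPES.get(ptype, "unknown"), "eap_code": None}
    if ptype == 0 and length >= 4:
        info["eap_code"] = EAP_CODES.get(body[0], "unknown")
    return info

class AuthenticatorPort:
    """Hypothetical model of one switch port acting as the Authenticator System."""
    def __init__(self):
        self.authorized = False  # a port starts out unauthorized

    def server_result(self, accepted):
        """Apply the Authentication Server's decision to the port."""
        self.authorized = bool(accepted)

    def receive(self, frame):
        """Classify a frame from the user side: 'eapol', 'forward' or 'drop'."""
        if ethertype(frame) == EAPOL_ETHERTYPE:
            eapol = parse_eapol(frame)
            if eapol is None:
                return "drop"  # malformed EAPOL is never forwarded
            if eapol["type"] == "EAPOL-Logoff":
                self.authorized = False  # supplicant ended the session
            return "eapol"  # handled by the authenticator, not forwarded
        return "forward" if self.authorized else "drop"

def eth(etype, payload, dst="0180c2000003", src="020000000001"):
    """Build a constructed frame; dst is the PAE group address, src is made up."""
    return bytes.fromhex(dst) + bytes.fromhex(src) + struct.pack("!H", etype) + payload

START = eth(EAPOL_ETHERTYPE, bytes([1, 1, 0, 0]))    # constructed EAPOL-Start
LOGOFF = eth(EAPOL_ETHERTYPE, bytes([1, 2, 0, 0]))   # constructed EAPOL-Logoff
DATA = eth(0x0800, b"\x45" + b"\x00" * 19)           # constructed IPv4 frame
```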

This manual is also suitable for: 5500-ei, 5500g-ei