Table of Contents
Advertisement
connected from a physical standpoint; however, the 802.1X process has not authorized the port and no frames
are passed from the port on the supplicant into the switching engine. If the PC attached to the switch did not
understand the EAP PDU that it was receiving from the switch, it would not be able to send an ID and the port
would remain unauthorized. In this state, the port would never pass any user traffic and would be as good as
disabled. If the client PC is running the 802.1X EAP, it would respond to the request with its configured ID.
(This could be a username/password combination or a certificate.)
After the switch, the authenticator receives the ID from the PC (the supplicant). The switch then passes the ID
information to an authentication server (RADIUS server) that can verify the identification information. The
RADIUS server responds to the switch with either a success or failure message. If the response is a success, the
port will be authorized and user traffic will be allowed to pass through the port like any switch port connected
to an access device. If the response is a failure, the port will remain unauthorized and, therefore, unused. If
there is no response from the server, the port will also remain unauthorized and will not pass any traffic.
4.9.1 802.1X Configuration
-86-
Advertisement
Table of Contents
