TP-Link T1700G-28TQ User Manual page 222

Jetstream 24-port gigabit stackable smart switch with 4 10ge sfp+ slots

Hide thumbs Also See for T1700G-28TQ:

Installation manual (28 pages)

Installation manual (24 pages)

Installation manual (24 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

193

194

195

196

197

198

199

200

201

202

203

204

205

206

207

208

209

210

211

212

213

214

215

216

217

218

219

220

221

222

223

224

225

226

227

228

229

230

231

232

233

234

235

236

237

238

239

240

241

242

243

244

245

246

247

248

249

250

251

252

253

254

255

256

257

258

page of 258

/ 258
Contents
Table of Contents
Bookmarks

Table of Contents

(1)

EAP Relay Mode

This mode is defined in 802.1X. In this mode, EAP-packets are encapsulated in higher level

protocol (such as EAPOR) packets to allow them successfully reach the authentication server.

This mode normally requires the RADIUS server to support the two fields of EAP: the

EAP-message field and the Message-authenticator field. This switch supports EAP-MD5,

EAP-TLS, EAP-TTLS and EAP-PEAP authentication way for the EAP relay mode. The following

figure describes the basic EAP-MD5 authentication procedure.

A supplicant system launches an 802.1X client program via its registered user name and

password to initiate an access request through the sending of an EAPOL-Start packet to the

switch. The 802.1X client program then forwards the packet to the switch to start the

authentication process.

Upon receiving the authentication request packet, the switch sends an EAP-Request/Identity

packet to ask the 802.1X client program for the user name.

The 802.1X client program responds by sending an EAP-Response/Identity packet to the

switch with the user name included. The switch then encapsulates the packet in a RADIUS

Access-Request packet and forwards it to the RADIUS server.

Upon receiving the user name from the switch, the RADIUS server retrieves the user name,

finds the corresponding password by matching the user name in its database, encrypts the

password using a randomly-generated key, and sends the key to the switch through an

RADIUS Access-Challenge packet. The switch then sends the key to the 802.1X client

program.

Upon receiving the key (encapsulated in an EAP-Request/MD5 Challenge packet) from the

switch, the client program encrypts the password of the supplicant system with the key and

sends the encrypted password (contained in an EAP-Response/MD5 Challenge packet) to

the RADIUS server through the switch. (The encryption is irreversible.)

The RADIUS server compares the received encrypted password (contained in a RADIUS

Access-Request packet) with the locally-encrypted password. If the two match, it will then

send feedbacks (through a RADIUS Access-Accept packet and an EAP-Success packet) to

the switch to indicate that the supplicant system is authorized.

Figure 13-19 EAP-MD5 Authentication Procedure

212

Table of Contents

Show Quick Links

Quick Links:
Configuration

Hide quick links:

Table of Contents

TP-Link T1700G-28TQ User Manual page 222

Hide quick links:

Related Manuals for TP-Link T1700G-28TQ

Related Products for TP-Link T1700G-28TQ

Table of Contents