IBM RackSwitch G8000 Application Manual page 76

74
RackSwitch G8000: Application Guide
The RADIUS authentication server chooses an EAP-supported authentication
algorithm to verify the client's identity, and sends an EAP-Request packet to the
client via the G8000 authenticator. The client then replies to the RADIUS server with
an EAP-Response containing its credentials.
Upon a successful authentication of the client by the server, the 802.1X-controlled
port transitions from unauthorized to authorized state, and the client is allowed full
access to services through the controlled port. When the client later sends an
EAPOL-Logoff message to the G8000 authenticator, the port transitions from
authorized to unauthorized state.
If a client that does not support 802.1X connects to an 802.1X-controlled port, the
G8000 authenticator requests the client's identity when it detects a change in the
operational state of the port. The client does not respond to the request, and the port
remains in the unauthorized state.
Note: When an 802.1X-enabled client connects to a port that is not
802.1X-controlled, the client initiates the authentication process by sending
an EAPOL-Start frame. When no response is received, the client retransmits
the request for a fixed number of times. If no response is received, the client
assumes the port is in authorized state, and begins sending frames, even if
the port is unauthorized.