Lancom ES-2126+ Manual page 101

Hide thumbs Also See for ES-2126+:

Brochure & specs (4 pages)

Manual (244 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

193

194

195

196

197

198

199

200

201

202

203

204

205

206

207

208

209

210

211

212

213

214

215

216

217

218

219

220

221

222

223

224

225

226

227

228

229

230

231

232

233

234

235

236

237

238

239

240

241

242

243

244

245

246

247

248

249

250

251

252

253

254

255

256

257

258

259

260

261

262

263

264

265

266

267

268

269

270

page of 270

/ 270
Contents
Table of Contents
Bookmarks

Table of Contents

LANCOM ES-2126+ and LANCOM ES-2126P+

Chapter 4: Operation of Web- based Management

The figure shows the procedure of 802.1x authentication. There are steps for

the login based on 802.1x port access control management. The protocol

used in the right side is EAPOL and the left side is EAP.

100

At the initial stage, the supplicant A is unauthenticated and a port on

switch acting as an authenticator is in unauthorized state. So the access

is blocked in this stage.

Initiating a session. Either authenticator or supplicant can initiate the

message exchange. If supplicant initiates the process, it sends EAPOL-

start packet to the authenticator PAE and authenticator will immediately

respond EAP-Request/Identity packet.

The authenticator always periodically sends EAP-Request/Identity to the

supplicant for requesting the identity it wants to be authenticated.

If the authenticator doesn't send EAP-Request/Identity, the supplicant will

initiate EAPOL-Start the process by sending to the authenticator.

And next, the Supplicant replies an EAP-Response/Identity to the authen-

ticator. The authenticator will embed the user ID into Radius-Access-

Request command and send it to the authentication server for confirming

its identity.

After receiving the Radius-Access-Request, the authentication server

sends Radius-Access-Challenge to the supplicant for asking for inputting

user password via the authenticator PAE.

The supplicant will convert user password into the credential information,

perhaps, in MD5 format and replies an EAP-Response with this credential

information as well as the specified authentication algorithm (MD5 or

OTP) to Authentication server via the authenticator PAE. As per the value

of the type field in message PDU, the authentication server knows which

algorithm should be applied to authenticate the credential information,

EAP-MD5 (Message Digest 5) or EAP-OTP (One Time Password) or other

else algorithm.

If user ID and password is correct, the authentication server will send a

Radius-Access-Accept to the authenticator. If not correct, the authentica-

tion server will send a Radius-Access-Reject.

When the authenticator PAE receives a Radius-Access-Accept, it will send

an EAP-Success to the supplicant. At this time, the supplicant is authori-

zed and the port connected to the supplicant and under 802.1x control is

Table of Contents

This manual is also suitable for:

Es-2126p+

Lancom ES-2126+ Manual page 101

Related Manuals for Lancom ES-2126+

Related Products for Lancom ES-2126+

This manual is also suitable for:

Table of Contents