Ieee 802.1X Authentication With Mac Address-Based Authentication - Siemens RUGGEDCOM ROS User Manual

Hide thumbs Also See for RUGGEDCOM ROS:

User manual (188 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

193

194

195

196

197

198

199

200

201

202

203

204

205

206

207

208

209

210

211

212

213

214

215

216

217

218

219

220

221

222

223

224

225

226

227

228

229

230

231

232

233

234

235

236

237

238

239

240

241

242

243

244

245

246

Table of Contents

RUGGEDCOM ROS

User Guide

Figure 164: IEEE 802.1x General Topology

1. Supplicant

2. Authenticator Switch

IMPORTANT!

ROS supports both Protected Extensible Authentication Protocol (PEAP) and EAP-MD5. PEAP is more

secure and is recommended if available in the supplicant.

IEEE 802.1x makes use of the Extensible Authentication Protocol (EAP), which is a generic PPP authentication

protocol that supports various authentication methods. IEEE 802.1x defines a protocol for communication

between the Supplicant and the Authenticator, referred to as EAP over LAN (EAPOL).

ROS communicates with the Authentication Server using EAP over RADIUS.

NOTE

The switch supports authentication of one host per port.

NOTE

If the host's MAC address is configured in the Static MAC Address Table, it will be authorized, even if

the host authentication is rejected by the authentication server.

Section 5.10.1.3

IEEE 802.1X Authentication with MAC Address-Based Authentication

This method, also referred to as MAB (MAC-Authentication Bypass), is commonly used for devices, such as VoIP

phones and Ethernet printers, that do not support the 802.1x protocol. This method allows such devices to be

authenticated using the same database infrastructure as that used in 802.1x.

IEEE 802.1x with MAC-Authentication Bypass works as follows:

1. The device connects to a switch port.

2. The switch learns the device MAC address upon receiving the first frame from the device (the device usually

sends out a DHCP request message when first connected).

3. The switch sends an EAP Request message to the device, attempting to start 802.1X authentication.

4. The switch times out while waiting for the EAP reply, because the device does not support 802.1x.

5. The switch sends an authentication message to the authentication server, using the device MAC address as

the username and password.

6. The switch authenticates or rejects the device according to the reply from the authentication server.

IEEE 802.1X Authentication with MAC Address-Based

Authentication

3. LAN

4. Authentication Server

Chapter 5

Setup and Configuration

217

Table of Contents

Show Quick Links

Quick Links:
Cli Command Syntax

Hide quick links:

Table of Contents

Ieee 802.1X Authentication With Mac Address-Based Authentication - Siemens RUGGEDCOM ROS User Manual

IEEE 802.1X Authentication with MAC Address-Based Authentication

Hide quick links:

Related Manuals for Siemens RUGGEDCOM ROS

Related Content for Siemens RUGGEDCOM ROS

Table of Contents