Table of Contents
Advertisement
LANCOM ES-2126+ und LANCOM ES-2126P
Chapter 4: Operation of Web- based Management
Supplicant PAE. In this case, PC A wants to access the services on device B and
C, first, it must exchange the authentication message with the authenticator
on the port it connected via EAPOL packet. The authenticator transfers the
supplicant's credentials to Authentication server for verification. If success,
the authentication server will notice the authenticator the grant. PC A, then,
is allowed to access B and C via the switch. If there are two switches directly
connected together instead of single one, for the link connecting two swit-
ches, it may have to act two port roles at the end of the link: authenticator
and supplicant, because the traffic is bi-directional.
The figure shows the procedure of 802.1x authentication. There are steps for
the login based on 802.1x port access control management. The protocol
used in the right side is EAPOL and the left side is EAP.
³
·
»
¿
90
At the initial stage, the supplicant A is unauthenticated and a port on
switch acting as an authenticator is in unauthorized state. So the access
is blocked in this stage.
Initiating a session. Either authenticator or supplicant can initiate the
message exchange. If supplicant initiates the process, it sends EAPOL-
start packet to the authenticator PAE and authenticator will immediately
respond EAP-Request/Identity packet.
The authenticator always periodically sends EAP-Request/Identity to the
supplicant for requesting the identity it wants to be authenticated.
If the authenticator doesn't send EAP-Request/Identity, the supplicant will
initiate EAPOL-Start the process by sending to the authenticator.
Advertisement
Table of Contents
