Table of Contents
Advertisement
Figure
25.1.7 The Extension and Optimization of 802.1x
Besides supporting the port- based access authentication method specified by the protocol, devices also
extend and optimize it when implementing the EAP relay mode and EAP termination mode of 802.1x.
Supports some applications in the case of which one physical port can have more than one users
There are three access control methods (the methods to authenticate users): port-based, MAC-based
and user-based (IP address+ MAC address+ port).
When the port-based method is used, as long as the first user of this port passes the authentication,
all the other users can access the network resources without being authenticated. However, once
the first user is offline, the network won't be available to all the other users.
When the MAC-based method is used, all the users accessing a port should be authenticated
separately, only those pass the authentication can access the network, while the others can not.
When one user becomes offline, the other users will not be affected.
When the user-based (IP address+ MAC address+ port) method is used, all users can access
limited resources before being authenticated. There are two kinds of control in this method: standard
control and advanced control. The user-based standard control will not restrict the access to limited
resources, which means all users of this port can access limited resources before being
25-12 the Authentication Flow of 802.1x EAP Termination Mode
25-11
Advertisement
Table of Contents
Troubleshooting
