802.1X Supplicant; Radius - Fujitsu PSWITCH 2048T User Manual

FUJITSU PSWITCH User's Guide

3.1.5.5.3. 802.1X Supplicant

IEEE 802.1X supplicant capability allows the system to authenticate itself with the
network prior to being allowed to join it. The supplicant initiates communication
with the authenticator by sending a start packet on port initialization. On reception
of requests from the authenticator, the supplicant sends back the appropriate
responses according to the 802.1X standard. On successful authentication, the
supplicant port moves to the authenticated state.
The implementation and framework of this switch is based on the IEEE standard
802.1X 2004 and supports RFC 3748 for MD5 EAP challenges.

3.1.5.6. RADIUS

Managing and determining the validity of users in a large network can be
significantly simplified by making use of a single database of accessible
information as in an Authentication Server. Remote Authentication Dial-In User
Service (RADIUS) servers commonly support the Remote Authentication Dial-In
User Service (RADIUS) protocol as defined by RFC 2865.
RADIUS permits access to a users authentication and configuration information
contained on the server only when requests are received from a client that shares
an encrypted secret with the server. This secret is never transmitted over the
network in an attempt to maintain a secure environment. Any requests from clients
that are not appropriately configured with the secret or access from unauthorized
devices are silently discarded by the server.
RADIUS conforms to a client/server model with secure communications using UDP
as a transport protocol. It is extremely flexible, supporting a variety of methods to
authenticate and statistically track users. It is very extensible, allowing for new
methods of authentication to be added without disrupting existing functionality.
This software can bind an pre-configuration diffserv policy rule by RADIUS attribute
(Filter-ID) sent from RADIUS server to enforce device security with mac-based dot1x
authentication. The Filter-ID need to fill the name of diffserv policy we have
created. By the way, the diffserv rule witch assigned by RADIUS server is
incompatible with user setting one. For example, It will fail to bind a diffserv policy
which RADIUS assigns on port 1, when user have binded a diffserv policy to same
port. Similarly, It will fail to bind a diffserv policy which user creates on port 1,
when RADIUS have assigned a diffserv policy and binds it to same port.
104 December/2018