Table of Contents
Advertisement
Configuring IEEE 802.1x Port-Based Authentication
Information About Configuring IEEE 802.1x Port-Based Authentication
Figure 20
Message Exchange
Client
If 802.1x authentication times out while waiting for an EAPOL message exchange and MAC authentication bypass is
enabled, the switch can authorize the client when the switch detects an Ethernet packet from the client. The switch uses
the MAC address of the client as its identity and includes this information in the RADIUS-access/request frame that is
sent to the RADIUS server. After the server sends the switch the RADIUS-access/accept frame (authorization is
successful), the port becomes authorized. If authorization fails and a guest VLAN is specified, the switch assigns the port
to the guest VLAN. If the switch detects an EAPOL packet while waiting for an Ethernet packet, the switch stops the MAC
authentication bypass process and stops 802.1x authentication.
Figure 21
Message Exchange During MAC Authentication Bypass
Client
EAPOL-Start
EAP-Request/Identity
EAP-Response/Identity
EAP-Request/OTP
EAP-Response/OTP
EAP-Success
Port Authorized
EAPOL-Logoff
Port Unauthorized
Switch
EAPOL Request/Identity
EAPOL Request/Identity
EAPOL Request/Identity
Ethernet packet
Authentication
RADIUS Access-Request
RADIUS Access-Challenge
RADIUS Access-Request
RADIUS Access-Accept
Authentication
RADIUS Access/Request
RADIUS Access/Accept
193
server
(RADIUS)
server
(RADIUS)
- Quick Links:
- Configuration Overview
Hide quick links:
Advertisement
Chapters
Table of Contents
Troubleshooting
Need help?
Do you have a question about the IE-4000 and is the answer not in the manual?
Questions and answers