CHAPTER 25: 802.1X CONFIGURATION
802.1x Authentication Process
The Authenticator has two types of ports: the Uncontrolled Port and the
Controlled Port. The Uncontrolled Port is always in the bi-directional
connection state, so the user can access and share the network resources
through it at any time. The Controlled Port enters the connected state only
after the user passes authentication; only then is the user allowed to access
the network resources through it.
Figure 58 802.1x system architecture
802.1x uses EAP frames to carry the authentication information. The
standard defines the following types of EAP frames:
■ EAP-Packet: Authentication information frame, used to carry the
  authentication information.
■ EAPoL-Start: Authentication originating frame, actively originated by the
  Supplicant.
■ EAPoL-Logoff: Logoff request frame, actively terminating the authenticated
  state.
■ EAPoL-Key: Key information frame, supporting encryption of the EAP packets.
■ EAPoL-Encapsulated-ASF-Alert: Supports the Alerting message of the Alert
  Standard Forum (ASF).
The EAPoL-Start, EAPoL-Logoff and EAPoL-Key frames exist only between the
Supplicant and the Authenticator. The EAP-Packet information is re-encapsulated
by the Authenticator System and then transmitted to the Authentication Server
System. The EAPoL-Encapsulated-ASF-Alert frame carries network management
information and is terminated by the Authenticator.
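The frame types listed above can be told apart from the 4-byte EAPoL header alone, as in this added example, which is not code from this manual or from the switch software. The EtherType 0x888E and the numeric packet type values are taken from IEEE 802.1X rather than from this page; parse_eapol and the sample frames are hypothetical and constructed for illustration.

```python
import struct

ETHERTYPE_EAPOL = 0x888E  # EtherType assigned to EAPoL (IEEE 802.1X)
# Packet type values from the IEEE 802.1X EAPoL header; the scope text
# follows the paragraph above (relayed vs. terminated at the Authenticator).
EAPOL_TYPES = {
    0: ("EAP-Packet", "re-encapsulated and sent to Authentication Server"),
    1: ("EAPoL-Start", "Supplicant <-> Authenticator only"),
    2: ("EAPoL-Logoff", "Supplicant <-> Authenticator only"),
    3: ("EAPoL-Key", "Supplicant <-> Authenticator only"),
    4: ("EAPoL-Encapsulated-ASF-Alert", "terminated by Authenticator"),
}
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}


def parse_eapol(frame: bytes) -> dict:
    """Classify one untagged Ethernet frame; raise ValueError if malformed."""
    if len(frame) < 18:  # 14-byte Ethernet header + 4-byte EAPoL header
        raise ValueError("frame too short for EAPoL")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != ETHERTYPE_EAPOL:
        raise ValueError("not an EAPoL frame")
    version, ptype, length = struct.unpack("!BBH", frame[14:18])
    if ptype not in EAPOL_TYPES:
        raise ValueError(f"unknown EAPoL packet type {ptype}")
    body = frame[18:18 + length]
    if len(body) != length:  # trailing Ethernet padding is fine, truncation is not
        raise ValueError("EAPoL body shorter than declared length")
    name, scope = EAPOL_TYPES[ptype]
    info = {"version": version, "type": name, "scope": scope, "eap": None}
    if ptype == 0:
        if length < 4:
            raise ValueError("EAP-Packet body too short for EAP header")
        code, ident, eap_len = struct.unpack("!BBH", body[:4])
        if eap_len > length:
            raise ValueError("EAP length exceeds EAPoL body length")
        info["eap"] = {"code": EAP_CODES.get(code, "Unknown"), "id": ident}
    return info


# Constructed sample frames (not captured traffic). Destination is the 802.1X
# PAE group address; the source MAC is a made-up locally administered address.
_HDR = bytes.fromhex("0180c2000003" "020000000001" "888e")
SAMPLE_START = _HDR + bytes.fromhex("01010000") + bytes(42)  # padded to 60 bytes
SAMPLE_RESPONSE = _HDR + bytes.fromhex("01000005" "0207000501")  # EAP Response/Identity

if __name__ == "__main__":
    for f in (SAMPLE_START, SAMPLE_RESPONSE):
        print(parse_eapol(f))
```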
802.1x provides an implementation solution for user ID authentication. However,
802.1x by itself is not enough to implement the scheme. The administrator of the
access device must configure an AAA scheme, selecting either RADIUS or local
authentication, so that AAA can assist 802.1x in implementing the user ID
authentication. For a detailed description of AAA, refer to the
"AAA&RADIUS&HWTACACS" part in this document.