TP-Link JetStream TL-SG3216 User Manual page 163

L2 lite managed switch

Hide thumbs Also See for JetStream TL-SG3216:

Reference manual (191 pages)

User manual (292 pages)

Cli reference manual (285 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

193

194

195

196

197

198

199

200

201

202

203

204

205

206

207

208

209

210

211

212

213

214

215

216

217

218

219

220

221

222

223

224

225

226

227

228

229

230

231

232

page of 232

/ 232
Contents
Table of Contents
Bookmarks

Table of Contents

802.1X adopts a client/server architecture with three entities: a supplicant system, an

authenticator system, and an authentication server system, as shown in the following figure.

（1） Supplicant System: The supplicant system is an entity in LAN and is authenticated by the

authenticator system. The supplicant system is usually a common user terminal computer.

An 802.1X authentication is initiated when a user launches client program on the

supplicant system. Note that the client program must support the 802.1X authentication

protocol.

（2） Authenticator System: The authenticator system is usually an 802.1X-supported network

device, such as this TP-LINK switch. It provides the physical or logical port for the

supplicant system to access the LAN and authenticates the supplicant system.

（3） Authentication Server System: The authentication server system is an entity that

provides authentication service to the authenticator system. Normally in the form of a

RADIUS server. Authentication Server can store user information and serve to perform

authentication and authorization. To ensure a stable authentication system, an alternate

authentication server can be specified. If the main authentication server is in trouble, the

alternate authentication server can substitute it to provide normal authentication service.

The Mechanism of an 802.1X Authentication System

IEEE 802.1X authentication system uses EAP (Extensible Authentication Protocol) to exchange

information between the supplicant system and the authentication server.

（1） EAP protocol packets transmitted between the supplicant system and the authenticator

system are encapsulated as EAPOL packets.

（2） EAP protocol packets transmitted between the authenticator system and the RADIUS

server can either be encapsulated as EAPOR (EAP over RADIUS) packets or be

terminated at authenticator system and the authenticator system then communicate with

RADIUS servers through PAP (Password Authentication Protocol) or CHAP (Challenge

Handshake Authentication Protocol) protocol packets.

（3） When a supplicant system passes the authentication, the authentication server passes the

information about the supplicant system to the authenticator system. The authenticator

system in turn determines the state (authorized or unauthorized) of the controlled port

according to the instructions (accept or reject) received from the RADIUS server.

Figure 11-17 Architecture of 802.1X authentication

156

Table of Contents

Show Quick Links

Hide quick links:

Table of Contents

This manual is also suitable for:

Jetstream tl-sg3424

TP-Link JetStream TL-SG3216 User Manual page 163

Hide quick links:

Related Manuals for TP-Link JetStream TL-SG3216

Related Products for TP-Link JetStream TL-SG3216

This manual is also suitable for:

Table of Contents