TP-Link JetStream TL-SG3216 User Manual page 165

L2 lite managed switch

Hide thumbs Also See for JetStream TL-SG3216:

Reference manual (191 pages)

User manual (292 pages)

Cli reference manual (285 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

193

194

195

196

197

198

199

200

201

202

203

204

205

206

207

208

209

210

211

212

213

214

215

216

217

218

219

220

221

222

223

224

225

226

227

228

229

230

231

232

page of 232

/ 232
Contents
Table of Contents
Bookmarks

Table of Contents

Upon receiving the key (encapsulated in an EAP-Request/MD5 Challenge packet) from the

switch, the client program encrypts the password of the supplicant system with the key and

sends the encrypted password (contained in an EAP-Response/MD5 Challenge packet) to

the RADIUS server through the switch. (The encryption is irreversible.)

The RADIUS server compares the received encrypted password (contained in a RADIUS

Access-Request packet) with the locally-encrypted password. If the two match, it will then

send feedbacks (through a RADIUS Access-Accept packet and an EAP-Success packet) to

the switch to indicate that the supplicant system is authorized.

The switch changes the state of the corresponding port to accepted state to allow the

supplicant system access the network. And then the switch will monitor the status of

supplicant by sending hand-shake packets periodically. By default, the switch will force the

supplicant to log off if it can not get the response from the supplicant for two times.

The supplicant system can also terminate the authenticated state by sending EAPOL-Logoff

packets to the switch. The switch then changes the port state from accepted to rejected.

（2） EAP Terminating Mode

In this mode, packet transmission is terminated at authenticator systems and the EAP packets are

mapped into RADIUS packets. Authentication and accounting are accomplished through RADIUS

protocol.

In this mode, PAP or CHAP is employed between the switch and the RADIUS server. This switch

supports the PAP terminating mode. The authentication procedure of PAP is illustrated in the

following figure.

Supplicant System

EAPOL-Start

EAP-Request/Identity

EAP-Response/Identity

EAP-Request

EAP-Response

EAP-Success

In PAP mode, the switch encrypts the password and sends the user name, the

randomly-generated key, and the supplicant system-encrypted password to the RADIUS server for

further authentication. Whereas the randomly-generated key in EAP-MD5 relay mode is generated

by the authentication server, and the switch is responsible to encapsulate the authentication

packet and forward it to the RADIUS server.

802.1X Timer

In 802.1 x authentication, the following timers are used to ensure that the supplicant system, the

switch, and the RADIUS server interact in an orderly way:

（1） Supplicant system timer (Supplicant Timeout): This timer is triggered by the switch

EAP

Switch

Figure 11-19 PAP Authentication Procedure

158

RADIUS

RADIUS-Access-Request

RADIUS-Access-Accept

Authentication Server

Table of Contents

Show Quick Links

Hide quick links:

Table of Contents

This manual is also suitable for:

Jetstream tl-sg3424

TP-Link JetStream TL-SG3216 User Manual page 165

Hide quick links:

Related Manuals for TP-Link JetStream TL-SG3216

Related Products for TP-Link JetStream TL-SG3216

This manual is also suitable for:

Table of Contents