TP-Link JetStream L2 Lite TL-SG3210 User Manual page 165

2. Upon receiving the authentication request packet, the switch sends an EAP-Request/Identity packet to ask the 802.1X client program for the user name.
3. The 802.1X client program responds by sending an EAP-Response/Identity packet to the switch with the user name included. The switch then encapsulates the packet in a RADIUS Access-Request packet and forwards it to the RADIUS server.
4. Upon receiving the user name from the switch, the RADIUS server retrieves the user name, finds the corresponding password by matching the user name in its database, encrypts the password using a randomly generated key, and sends the key to the switch in a RADIUS Access-Challenge packet. The switch then sends the key to the 802.1X client program.
5. Upon receiving the key (encapsulated in an EAP-Request/MD5 Challenge packet) from the switch, the client program encrypts the password of the supplicant system with the key and sends the encrypted password (contained in an EAP-Response/MD5 Challenge packet) to the RADIUS server through the switch. (The encryption is irreversible.)
6. The RADIUS server compares the received encrypted password (contained in a RADIUS Access-Request packet) with the locally encrypted password. If the two match, it sends feedback (through a RADIUS Access-Accept packet and an EAP-Success packet) to the switch to indicate that the supplicant system is authorized.
7. The switch changes the state of the corresponding port to the accepted state to allow the supplicant system to access the network. The switch then monitors the status of the supplicant by sending handshake packets periodically. By default, the switch forces the supplicant to log off if it fails to get a response from the supplicant twice.
8. The supplicant system can also terminate the authenticated state by sending EAPOL-Logoff packets to the switch. The switch then changes the port state from accepted to rejected.
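Steps 4 to 6 above, as an added Python example that is not part of the TP-Link manual: what the manual calls the key travels as the Value field of the EAP-Request/MD5 Challenge packet, and the irreversible encryption is an MD5 digest over the EAP identifier, the password and that value (RFC 1994, as used by EAP type 4). The identifier, password and user name below are constructed sample values, and the function names are hypothetical.

```python
import hashlib, hmac, os, struct

EAP_REQUEST, EAP_RESPONSE, EAP_TYPE_MD5 = 1, 2, 4

def build_md5_packet(code, ident, value, name=b""):
    """EAP header (Code, Identifier, Length) + Type 4 + Value-Size + Value + Name."""
    body = bytes([EAP_TYPE_MD5, len(value)]) + value + name
    return struct.pack("!BBH", code, ident, 4 + len(body)) + body

def parse_md5_packet(pkt, expected_code):
    """Return (identifier, value, name); raise ValueError on malformed input."""
    if len(pkt) < 6:
        raise ValueError("truncated EAP packet")
    code, ident, length = struct.unpack("!BBH", pkt[:4])
    if code != expected_code or pkt[4] != EAP_TYPE_MD5:
        raise ValueError("not the expected EAP MD5-Challenge packet")
    if length < 6 or length > len(pkt):
        raise ValueError("bad Length field")
    size = pkt[5]
    if 6 + size > length:
        raise ValueError("Value-Size exceeds packet")
    return ident, pkt[6:6 + size], pkt[6 + size:length]

def md5_response(ident, password, challenge):
    """One-way digest of Identifier || password || challenge."""
    return hashlib.md5(bytes([ident]) + password + challenge).digest()

def server_verify(response_pkt, ident, challenge, stored_password):
    """Step 6: recompute the digest locally and compare in constant time."""
    r_ident, value, _name = parse_md5_packet(response_pkt, EAP_RESPONSE)
    if r_ident != ident:
        return False
    expected = md5_response(ident, stored_password, challenge)
    return hmac.compare_digest(value, expected)

def run_exchange(client_password, stored_password, challenge=None):
    """Steps 4-6 end to end; True means the server would send Access-Accept."""
    ident = 7                                  # constructed identifier
    challenge = challenge or os.urandom(16)    # step 4: fresh random value
    request = build_md5_packet(EAP_REQUEST, ident, challenge)
    # Step 5: the client parses the challenge and answers with the digest.
    c_ident, c_chal, _ = parse_md5_packet(request, EAP_REQUEST)
    digest = md5_response(c_ident, client_password, c_chal)
    response = build_md5_packet(EAP_RESPONSE, c_ident, digest, b"alice")
    return server_verify(response, ident, challenge, stored_password)

if __name__ == "__main__":
    print(run_exchange(b"s3cret", b"s3cret"))   # matching passwords
    print(run_exchange(b"guess", b"s3cret"))    # wrong password
```

Because the server checks the response against the challenge it issued for this attempt, a response recorded from an earlier exchange does not verify against a new challenge.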
(2) EAP Terminating Mode
In this mode, packet transmission is terminated at authenticator systems and the EAP packets are
mapped into RADIUS packets. Authentication and accounting are accomplished through the RADIUS
protocol.
In this mode, PAP or CHAP is employed between the switch and the RADIUS server. This switch
supports the PAP terminating mode. The authentication procedure of PAP is illustrated in the
following figure.
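[Figure 11-19 PAP Authentication Procedure: message sequence between the Supplicant System, the Switch and the Authentication Server. EAP messages between the supplicant system and the switch: EAPOL-Start, EAP-Request/Identity, EAP-Response/Identity, EAP-Request, EAP-Response, EAP-Success. RADIUS messages between the switch and the authentication server: RADIUS-Access-Request, RADIUS-Access-Accept.]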