TP-Link TL-SL5428E User Manual page 178

24-port 10/100mbps + 4-port gigabit l2 managed switch

Hide thumbs Also See for TL-SL5428E:

Reference manual (341 pages)

Cli reference manual (320 pages)

User manual (307 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

193

194

195

196

197

198

199

200

201

202

203

204

205

206

207

208

209

210

211

212

213

214

215

216

217

218

219

220

221

222

223

224

225

226

227

228

229

230

231

232

233

234

235

236

237

238

239

240

241

242

243

244

245

246

247

248

249

250

page of 250

/ 250
Contents
Table of Contents
Bookmarks

Table of Contents

the RADIUS server through the switch. (The encryption is irreversible.)

The RADIUS server compares the received encrypted password (contained in a RADIUS

Access-Request packet) with the locally-encrypted password. If the two match, it will then

send feedbacks (through a RADIUS Access-Accept packet and an EAP-Success packet) to

the switch to indicate that the supplicant system is authorized.

The switch changes the state of the corresponding port to accepted state to allow the

supplicant system access the network. And then the switch will monitor the status of

supplicant by sending hand-shake packets periodically. By default, the switch will force the

supplicant to log off if it can not get the response from the supplicant for two times.

The supplicant system can also terminate the authenticated state by sending EAPOL-Logoff

packets to the switch. The switch then changes the port state from accepted to rejected.

（2） EAP Terminating Mode

In this mode, packet transmission is terminated at authenticator systems and the EAP packets are

mapped into RADIUS packets. Authentication and accounting are accomplished through RADIUS

protocol.

In this mode, PAP or CHAP is employed between the switch and the RADIUS server. This switch

supports the PAP terminating mode. The authentication procedure of PAP is illustrated in the

following figure.

Supplicant System

EAPOL-Start

EAP-Request/Identity

EAP-Response/Identity

EAP-Request

EAP-Response

EAP-Success

In PAP mode, the switch encrypts the password and sends the user name, the

randomly-generated key, and the supplicant system-encrypted password to the RADIUS server for

further authentication. Whereas the randomly-generated key in EAP-MD5 relay mode is generated

by the authentication server, and the switch is responsible to encapsulate the authentication

packet and forward it to the RADIUS server.

802.1X Timer

In 802.1 x authentication, the following timers are used to ensure that the supplicant system, the

switch, and the RADIUS server interact in an orderly way:

（1） Supplicant system timer (Supplicant Timeout): This timer is triggered by the switch

after the switch sends a request packet to a supplicant system. The switch will resend the

request packet to the supplicant system if the supplicant system fails to respond in the

specified timeout period.

EAP

Switch

Figure 13-21 PAP Authentication Procedure

170

RADIUS

RADIUS-Access-Request

RADIUS-Access-Accept

Authentication Server

Table of Contents

TP-Link TL-SL5428E User Manual page 178

Related Manuals for TP-Link TL-SL5428E

Related Products for TP-Link TL-SL5428E

Table of Contents