Accessing the Avaya G250/G350 Media Gateway
Note:
You cannot enable 802.1x on the MM314/MM316 media modules' Gigabit Ethernet port (port 51). Also, 802.1x is not available on the G250-DCP.
The 802.1x application complies with the existing IEEE Port Based Network Control standard to
perform its authentication operation. Specifically, it makes use of Extensible Authentication
Protocol (EAP) messages encapsulated within Ethernet frames (EAPOL), and EAP over
RADIUS for the communication between the Authenticator and the Authentication Server.
Note:
The G250/G350 supports the following EAP types: MD5, PEAP, TTLS, and TLS.
The 802.1x protocol defines an interaction between the following three entities:
● Supplicant. An entity (the host) at one end of a point-to-point LAN segment that is requesting authentication
● Authenticator. An entity (in this case the G250/G350) at the other end of a point-to-point LAN segment that facilitates authentication of the Supplicant
● Authentication (RADIUS) Server. An entity that provides an authentication service to the Authenticator. The Authentication Server determines, from the credentials provided by the Supplicant, whether the Supplicant is authorized to access the services provided by the Authenticator.
Authentication Modes
● Port-based. The authentication mode defined by the 802.1x standard. To maintain security, this mode requires that each 10/100 802.1x-enabled port be connected directly to a single 802.1x Supplicant. If more clients are connected to that port, the first authenticated client opens the port and all other clients are able to enter the network without the need for authentication.
Port-based mode is the default mode and it is backward compatible with the 802.1x implementation in previous releases.
This mode is also known as Single Supplicant mode.
● MAC-based. An extension to the 802.1x standard. In this mode, multiple Supplicants are connected to an 802.1x-enabled port via an external repeater/hub. Authentication is performed per MAC address.
The main application for the MAC-based mode is to allow the connection of an Avaya IP phone and a PC which are connected to the same gateway port and support the 802.1x application. In previous releases, this case could not be supported because in port-based mode the gateway authenticates the port and not the stations connected to it. Thus, connecting two supplicants to the same port in port-based mode could confuse the gateway.
This mode is also known as Multi Supplicant mode.
Note:
It is highly recommended to configure all ports in MAC-based mode.
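The difference between the two modes can be seen in a small model of the Authenticator's per-frame decision. This is an added illustration, not Avaya code or gateway configuration; the Port class, the helper names, and the two MAC addresses are hypothetical and constructed for the example.

```python
# Added illustration: a toy model of the Authenticator's per-frame decision.
from dataclasses import dataclass, field

EAPOL = 0x888E  # EtherType of EAP over LAN (EAPOL) frames
IPV4 = 0x0800   # ordinary data traffic

@dataclass
class Port:
    mode: str                                   # "port-based" or "mac-based"
    accepted: set = field(default_factory=set)  # MACs the RADIUS server accepted

    def radius_accept(self, mac: str) -> None:
        """Record that the Authentication Server accepted this Supplicant."""
        self.accepted.add(mac.lower())

    def handle(self, src_mac: str, ethertype: int) -> str:
        if ethertype == EAPOL:
            return "authenticate"   # EAPOL is processed by the Authenticator itself
        if self.mode == "port-based":
            # One successful Supplicant opens the whole port.
            return "forward" if self.accepted else "drop"
        # MAC-based: each station needs its own successful authentication.
        return "forward" if src_mac.lower() in self.accepted else "drop"

def piggybackers(port: Port, frames) -> list:
    """Stations whose data frames were forwarded without authenticating."""
    return sorted({mac.lower() for mac, et in frames
                   if port.handle(mac, et) == "forward"
                   and mac.lower() not in port.accepted})

# Constructed sample: an IP phone and a PC behind one gateway port.
PHONE, PC = "02:00:00:00:00:01", "02:00:00:00:00:02"
FRAMES = [(PHONE, EAPOL), (PHONE, IPV4), (PC, IPV4)]

def run(mode: str) -> list:
    port = Port(mode)
    port.radius_accept(PHONE)       # only the phone completes 802.1x
    return piggybackers(port, FRAMES)

if __name__ == "__main__":
    for mode in ("port-based", "mac-based"):
        print(mode, "->", run(mode))
```

In port-based mode the PC's traffic is forwarded on the strength of the phone's authentication; in MAC-based mode it is dropped until the PC authenticates itself.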
66 Administration for the Avaya G250 and Avaya G350 Media Gateways