The Port-Authentication Process - Dell Force10 S4810P Configuration Manual

High-density, 1RU 48-port 10GbE switch

Frame fields (from figure): Preamble, Start Frame Delimiter. Packet Type range: 0-4; type 0: EAP Packet.
Note: FTOS supports 802.1X with EAP-MD5, EAP-OTP, EAP-TLS, EAP-TTLS, PEAPv0, PEAPv1, and MS-CHAPv2 with PEAP.
The authentication process involves three devices:
• The device attempting to access the network is the supplicant. The supplicant is not allowed to communicate on the network until the port is authorized by the authenticator. It can only communicate with the authenticator in response to 802.1X requests.
• The device with which the supplicant communicates is the authenticator. The authenticator is the gatekeeper of the network. It translates and forwards requests and responses between the authentication server and the supplicant. The authenticator also changes the status of the port based on the results of the authentication process. The Dell Force10 switch is the authenticator.
• The authentication server selects the authentication method, verifies the information provided by the supplicant, and grants it network access privileges.
Ports can be in one of two states:
• Ports are in an unauthorized state by default. In this state, non-802.1X traffic cannot be forwarded in or out of the port.
• The authenticator changes the port state to authorized if the server can authenticate the supplicant. In this state, network traffic can be forwarded normally.
Note: The Dell Force10 switches place 802.1X-enabled ports in the unauthorized state by default.

The Port-authentication Process

The authentication process begins when the authenticator senses that a link status has changed from down
to up:
[Figure: EAPOL frame format]

Ethernet frame: Destination MAC (1:80:c2:00:00:03) | Source MAC (Auth Port MAC) | Ethernet Type (0x888e) | EAPOL Frame | Padding | FCS

EAPOL Frame: Protocol Version (1) | Packet Type | Length | EAP Frame
  Packet Type: 1: EAPOL Start; 2: EAPOL Logoff; 3: EAPOL Key; 4: EAPOL Encapsulated-ASF-Alert

EAP Frame: Code (0-4) | ID (Seq Number) | Length | EAP-Method Frame
  Range: 1-4. Codes: 1: Request; 2: Response; 3: Success; 4: Failure

EAP-Method Frame: EAP-Method Code (0-255) | Length | EAP-Method Data (Supplicant Requested Credentials)
  Range: 1-255. Codes: 1: Identity; 2: Notification; 3: NAK; 4: MD-5 Challenge; 5: One-Time Challenge; 6: Generic Token Card
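The frame fields listed above can be checked against captured traffic with a small decoder. This is an added example, not code from the Dell manual or FTOS: the names parse_eapol and build_sample, the source MAC and the identity "alice" are constructed for illustration, and the destination address is written in its zero-padded form 01:80:c2:00:00:03.

```python
import struct

PAE_GROUP_MAC = bytes.fromhex("0180c2000003")  # destination MAC from the figure
ETHERTYPE_EAPOL = 0x888E
PACKET_TYPES = {0: "EAP Packet", 1: "EAPOL Start", 2: "EAPOL Logoff",
                3: "EAPOL Key", 4: "EAPOL Encapsulated-ASF-Alert"}
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_METHODS = {1: "Identity", 2: "Notification", 3: "NAK", 4: "MD-5 Challenge",
               5: "One-Time Challenge", 6: "Generic Token Card"}


def parse_eapol(frame: bytes) -> dict:
    """Decode an Ethernet frame (without preamble, SFD or FCS) carrying EAPOL."""
    if len(frame) < 18:
        raise ValueError("too short for Ethernet + EAPOL headers")
    dst, src = frame[:6], frame[6:12]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != ETHERTYPE_EAPOL:
        raise ValueError(f"not EAPOL: ethertype 0x{ethertype:04x}")
    version, ptype, length = struct.unpack("!BBH", frame[14:18])
    body = frame[18:18 + length]  # bytes past the EAPOL length are padding
    if len(body) < length:  # never trust a length field beyond the capture
        raise ValueError("EAPOL length exceeds captured bytes")
    out = {"dst_is_pae_group": dst == PAE_GROUP_MAC, "src": src.hex(":"),
           "version": version,
           "packet_type": PACKET_TYPES.get(ptype, f"unknown({ptype})")}
    if ptype != 0:  # Start, Logoff, Key and ASF-Alert carry no EAP frame
        return out
    if length < 4:
        raise ValueError("EAP header truncated")
    code, ident, eap_len = struct.unpack("!BBH", body[:4])
    if eap_len < 4 or eap_len > length:
        raise ValueError("EAP length inconsistent with EAPOL length")
    out.update(code=EAP_CODES.get(code, f"unknown({code})"), id=ident)
    if code in (1, 2) and eap_len > 4:  # only Request/Response carry a method
        out["method"] = EAP_METHODS.get(body[4], f"type {body[4]}")
        out["method_data"] = body[5:eap_len]
    return out


def build_sample() -> bytes:
    """Constructed frame: a supplicant answers an Identity request as 'alice'."""
    eap = struct.pack("!BBH", 2, 7, 10) + b"\x01" + b"alice"
    eapol = struct.pack("!BBH", 1, 0, len(eap)) + eap
    hdr = PAE_GROUP_MAC + bytes.fromhex("020000000001")
    frame = hdr + struct.pack("!H", ETHERTYPE_EAPOL) + eapol
    return frame.ljust(60, b"\x00")  # pad to the minimum Ethernet frame size

if __name__ == "__main__":
    print(parse_eapol(build_sample()))
```

The two length checks reject frames whose EAPOL or EAP length field claims more data than was actually received, which is the case a decoder of supplicant-supplied frames has to handle before reading the method data.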
