Authentication - Planet GSW-1602SF User Manual

10/100/1000Mbps 16/24-port web smart gigabit ethernet switch

User's Manual of GSW-1602SF / GSW-2404SF
4.10 802.1X Authentication
Overview of 802.1X (Port-Based) Authentication
In the 802.1X world, the user is called the supplicant, the switch is the authenticator, and the RADIUS server is the
authentication server. The switch acts as the man-in-the-middle, forwarding requests and responses between the
supplicant and the authentication server. Frames sent between the supplicant and the switch are special 802.1X frames,
known as EAPOL (EAP Over LANs) frames. EAPOL frames encapsulate EAP PDUs (RFC 3748). Frames sent between
the switch and the RADIUS server are RADIUS packets. RADIUS packets also encapsulate EAP PDUs together with other
attributes like the switch's IP address, name, and the supplicant's port number on the switch. EAP is very flexible, in that it
allows for different authentication methods, like MD5-Challenge, PEAP, and TLS. The important thing is that the
authenticator (the switch) doesn't need to know which authentication method the supplicant and the authentication server
are using, or how many information exchange frames are needed for a particular method. The switch simply encapsulates
the EAP part of the frame into the relevant type (EAPOL or RADIUS) and forwards it.
When authentication is complete, the RADIUS server sends a special packet containing a success or failure indication.
Besides forwarding this decision to the supplicant, the switch uses it to open up or block traffic on the switch port connected
to the supplicant.
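
The relay described above, as an added example in Python (not code from the manual or from the switch firmware): it takes the EAP PDU out of an EAPOL frame, carries it in RADIUS EAP-Message attributes, and re-wraps the server's EAP reply in EAPOL, without ever looking at the EAP method. The function names are hypothetical, the Ethernet header is assumed to be already removed, and the sample frame is constructed.

```python
import struct

EAPOL_EAP_PACKET = 0          # EAPOL packet type that carries an EAP PDU
RADIUS_EAP_MESSAGE = 79       # RADIUS attribute type for EAP (RFC 3579)
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}

def eap_from_eapol(frame: bytes) -> bytes:
    """Return the EAP PDU carried in an EAPOL frame (Ethernet header removed)."""
    if len(frame) < 4:
        raise ValueError("truncated EAPOL header")
    _version, ptype, length = struct.unpack("!BBH", frame[:4])
    if ptype != EAPOL_EAP_PACKET:
        raise ValueError("not an EAP-Packet (e.g. EAPOL-Start or EAPOL-Logoff)")
    eap = frame[4:4 + length]
    if len(eap) != length or length < 4:
        raise ValueError("EAPOL length field does not match payload")
    code, _ident, eap_len = struct.unpack("!BBH", eap[:4])
    if code not in EAP_CODES or eap_len != length:
        raise ValueError("malformed EAP header")
    return eap  # the method-specific payload is never inspected

def eap_to_radius_attrs(eap: bytes) -> bytes:
    """Wrap an EAP PDU in EAP-Message attributes (at most 253 value bytes each)."""
    out = b""
    for i in range(0, len(eap), 253):
        chunk = eap[i:i + 253]
        out += bytes([RADIUS_EAP_MESSAGE, len(chunk) + 2]) + chunk
    return out

def eap_from_radius_attrs(attrs: bytes) -> bytes:
    """Concatenate all EAP-Message attribute values back into one EAP PDU."""
    eap, i = b"", 0
    while i < len(attrs):
        if i + 2 > len(attrs) or attrs[i + 1] < 2 or i + attrs[i + 1] > len(attrs):
            raise ValueError("malformed RADIUS attribute")
        atype, alen = attrs[i], attrs[i + 1]
        if atype == RADIUS_EAP_MESSAGE:
            eap += attrs[i + 2:i + alen]
        i += alen  # other attributes (User-Name, NAS-Port, ...) are skipped
    return eap

def eapol_wrap(eap: bytes, version: int = 1) -> bytes:
    """Encapsulate an EAP PDU in an EAPOL EAP-Packet for the supplicant side."""
    return struct.pack("!BBH", version, EAPOL_EAP_PACKET, len(eap)) + eap

# Constructed sample: EAP-Response/Identity for user "alice", EAP identifier 1.
SAMPLE_EAP = struct.pack("!BBHB", 2, 1, 10, 1) + b"alice"
SAMPLE_EAPOL = eapol_wrap(SAMPLE_EAP)
```

A real Access-Request that carries EAP-Message must also include a Message-Authenticator attribute (RFC 3579), which this example leaves out.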
The PLANET GSW-1602SF / GSW-2404SF supports IEEE 802.1X port-based network access control and RADIUS server
authentication to make the host link more secure. An 802.1X infrastructure is composed of three major components:
Authenticator, Authentication server, and Supplicant.
Authentication server (RADIUS Server): An entity that provides an authentication service to an authenticator. This
service determines, from the credentials provided by the supplicant, whether the supplicant is authorized to access the
services provided by the authenticator.
Authenticator (GSW-1602SF / GSW-2404SF): An entity at one end of a point-to-point LAN segment that facilitates
authentication of the entity attached to the other end of that link.
Supplicant (A Host Client): An entity at one end of a point-to-point LAN segment that is being authenticated by an
authenticator attached to the other end of that link.
The instructions are divided into three parts: