TP-Link TL-SL3428 User Manual page 171

Jetstream l2 managed switch

Hide thumbs Also See for TL-SL3428:

User manual (237 pages)

Reference manual (232 pages)

Installation manual (32 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

193

194

195

196

197

198

199

200

201

202

203

204

205

206

207

208

209

210

211

212

213

214

215

216

217

218

219

220

221

222

223

224

225

226

227

228

229

230

231

232

233

234

235

236

237

238

239

240

241

242

243

244

245

246

247

248

page of 248

/ 248
Contents
Table of Contents
Bookmarks

Table of Contents

A supplicant system launches an 802.1X client program via its registered user name and

password to initiate an access request through the sending of an EAPOL-Start packet to the

switch. The 802.1X client program then forwards the packet to the switch to start the

authentication process.

Upon receiving the authentication request packet, the switch sends an EAP-Request/Identity

packet to ask the 802.1X client program for the user name.

The 802.1X client program responds by sending an EAP-Response/Identity packet to the

switch with the user name included. The switch then encapsulates the packet in a RADIUS

Access-Request packet and forwards it to the RADIUS server.

Upon receiving the user name from the switch, the RADIUS server retrieves the user name,

finds the corresponding password by matching the user name in its database, encrypts the

password using a randomly-generated key, and sends the key to the switch through an

RADIUS Access-Challenge packet. The switch then sends the key to the 802.1X client

program.

Upon receiving the key (encapsulated in an EAP-Request/MD5 Challenge packet) from the

switch, the client program encrypts the password of the supplicant system with the key and

sends the encrypted password (contained in an EAP-Response/MD5 Challenge packet) to

the RADIUS server through the switch. (The encryption is irreversible.)

The RADIUS server compares the received encrypted password (contained in a RADIUS

Access-Request packet) with the locally-encrypted password. If the two match, it will then

send feedbacks (through a RADIUS Access-Accept packet and an EAP-Success packet) to

the switch to indicate that the supplicant system is authorized.

The switch changes the state of the corresponding port to accepted state to allow the

supplicant system access the network. And then the switch will monitor the status of

supplicant by sending hand-shake packets periodically. By default, the switch will force the

supplicant to log off if it can not get the response from the supplicant for two times.

Figure 11-18 EAP-MD5 Authentication Procedure

162

Table of Contents

This manual is also suitable for:

Tl-sl3452

TP-Link TL-SL3428 User Manual page 171

Related Manuals for TP-Link TL-SL3428

Related Products for TP-Link TL-SL3428

This manual is also suitable for:

Table of Contents