Table of Contents
Advertisement
Figure 47-1-12
47.1.7 The Extension and Optimization of 802.1x
Besides supporting the port- based access authentication method specified by the protocol, devices also
extend and optimize it when implementing the EAP relay mode and EAP termination mode of 802.1x.
Supports some applic ations in the case of which one physical port can have more than one users
There are three access control methods (the methods to authenticate users): port -bas ed, MAC-based
and user-based (IP address+ MAC address+ port ).
When the port-based method is used, as long as the first user of this port passes the authentication,
all the other users can access the network resources without being authenticated. However, once
the first user is offline, the net work won't be available to all the other users.
When the MAC-based method is used, all the users accessing a port should be authenticated
separately, only those pass the authentication can access the network, while the others can not.
When one user becomes offline, the ot her users will not be affected.
When the user-based (IP address+ MAC address+ port) met hod is used, all users can access
limited resources before being authenticated. There are two kinds of control in this method: standard
control and advanc ed cont rol. The user-based standard control will not restrict the access to limited
the Authentication Flow of 802.1x EAP Termination Mode
47-11
Advertisement
Table of Contents
Troubleshooting
