Configuration; Understanding Ieee 802.1X Port-Based Authentication - Planet FGSD-1022P User Manual

8-port 10/100mbps + 2 gigabit tp/sfp layer managed switch | 8-port 10/100mbps + 2 gigabit tp/sfp managed poe switch | 8-port 10/100mbps + 2 gigabit tp/sfp combo managed 802.3at poe switch

Hide thumbs Also See for FGSD-1022P:

Quick installation manual (15 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

193

194

195

196

197

198

199

200

201

202

203

204

205

206

207

208

209

210

211

212

213

214

215

216

217

218

219

220

221

222

223

224

225

226

Table of Contents

4.12 802.1X Configuration

802.1x is an IEEE authentication specification which prevents the client from accessing a wireless access point or wired

switch until it provides authority, like the user name and password that are verified by an authentication server (such as

RADIUS server).

4.12.1 Understanding IEEE 802.1X Port-Based Authentication

The IEEE 802.1X standard defines a client-server-based access control and authentication protocol that restricts

unauthorized clients from connecting to a LAN through publicly accessible ports. The authentication server authenticates

each client connected to a switch port before making available any services offered by the switch or the LAN.

Until the client is authenticated, 802.1X access control allows only Extensible Authentication Protocol over LAN

(EAPOL) traffic through the port to which the client is connected. After authentication is successful, normal traffic can pass

through the port.

This section includes this conceptual information:

 Device Roles

 Authentication Initiation and Message Exchange

 Ports in Authorized and Unauthorized States



Device Roles

With 802.1X port-based authentication, the devices in the network have specific roles as shown below.

Client—the device (workstation) that requests access to the LAN and switch services and responds to requests from the

switch. The workstation must be running 802.1X-compliant client software such as that offered in the Microsoft Windows XP

operating system. (The client is the supplicant in the IEEE 802.1X specification.)



Authentication server—performs the actual authentication of the client. The authentication server validates the

identity of the client and notifies the switch whether or not the client is authorized to access the LAN and switch

services. Because the switch acts as the proxy, the authentication service is transparent to the client. In this release,

the Remote Authentication Dial-In User Service (RADIUS) security system with Extensible Authentication

Protocol (EAP) extensions is the only supported authentication server; it is available in Cisco Secure Access

Figure 4-12-1: 802.1x device role

131

User's Manual of FGSD-1022 Series

Table of Contents

Show Quick Links

Hide quick links:

Table of Contents

This manual is also suitable for:

Fgsd-1022 Fgsd-1022hp

Configuration; Understanding Ieee 802.1X Port-Based Authentication - Planet FGSD-1022P User Manual

4.12.1 Understanding IEEE 802.1X Port-Based Authentication

Hide quick links:

Related Manuals for Planet FGSD-1022P

Related Content for Planet FGSD-1022P

This manual is also suitable for:

Table of Contents