Table of Contents
Advertisement
Port A1
Switch "A"
Port A1 Configured as an
802.1X Supplicant
Figure 8-2. Example of Supplicant Operation
ii. If the client is successfully authenticated and authorized to con-
nect to the network, then the switch allows access to the client.
Otherwise, access is denied and the port remains blocked.
Switch-Port Supplicant Operation
This operation provides security on links between 802.1X-aware switches. For
example, suppose that you want to connect two switches, where:
■
Switch "A" has port A1 configured for 802.1X supplicant operation.
■
You want to connect port A1 on switch "A" to port B5 on switch "B".
1.
When port A1 on switch "A" is first connected to a port on switch "B", or
if the ports are already connected and either switch reboots, port A1
begins sending start packets to port B5 on switch "B".
•
If, after the supplicant port sends the configured number of start
packets, it does not receive a response, it assumes that switch "B" is
not 802.1X-aware, and transitions to the authenticated state. If switch
"B" is operating properly and is not 802.1X-aware, then the link should
begin functioning normally, but without 802.1X security.
•
If, after sending one or more start packets, port A1 receives a request
packet from port B5, then switch "B" is operating as an 802.1X
authenticator. The supplicant port then sends a response/ID packet.
Switch "B" forwards this request to a RADIUS server.
2.
The RADIUS server then responds with an MD5 access challenge that
switch "B" forwards to port A1 on switch "A".
Configuring Port-Based and Client-Based Access Control (802.1X)
Switch "B"
Port B5
LAN Core
General 802.1X Authenticator Operation
RADIUS Server
8-11
Hide quick links:
Advertisement
Table of Contents
