Zte ZXR10 8900 Product Description page 60

ZXR10 8900 Product Description
4.3.7.11 802.1X Module
802.1X, a Client/Server-based access control and authentication protocol, authorizes
users to access the system services via this port by giving them authentication so that
the unauthorized data transmission between users and services provided by the system
are inhibited. With the 802.1X access control, only the EAPOL frame is firstly allowed to
pass the port, and other data can pass this port only after being authenticated.
With 802.1X, of the access nodes of the authenticator system to LAN, two logical ports
are generated: controlled port and uncontrolled port. The uncontrolled port can
exchange PDU with other systems freely no matter whether the port is authorized or not,
while the controlled port exchanges PDU with other systems only when the port is
authorized. PAE is the entity of algorithm and protocol related to the authentication
mechanism. PAE of the requester is responsible for giving response to the request from
the PAE of the authenticator by providing the authentication messages. PAE of the
authenticator is to communicate with that of the requester and submit the messages
received from the PAE of the requester to the authentication server. Then the
authentication server will verify these messages to determine whether authorize the
requester to access the authenticator. PAE of the authenticator controls the port
authorization according to the authentication result. PAE of the authenticator exchanges
its EAPOL protocol with that of the requester via the uncontrolled port and
communicates with the RADIUS authentication server with EAPOR.
This 802.1X module functions to:
•
Supporting the functions of the authenticator.
•
Supporting local authentication mode.
•
Supporting the PAE of the authenticator to exchange protocols with that of the
requester via an uncontrolled port.
•
Supporting the operation to the controlled port with the AuthControlledPortControl
parameters ForceUnauthorized, Auto and ForceAuthorized.
•
Supporting the operation to the controlled port with the parameters of
AdminControlledDirections and OperControlledDirextions.
•
Supporting the periodical reauthentication to the requester with the reauthentication
timer.
•
Supporting the transparent transmission of the 802.1x authentication packets when
the authentication is disabled.
4.3.7.12 ZESR Module
•
Basic Principles
ZESR is Ethernet ring technology based on EAPS (RFC3619) protocol. ZESR
allows network administrator to create Ethernet rings in a way similar to FDDI (Fiber
Distributed Data Interface) or SONET/SDH rings. ZESR can recover from any link
52 © 2009 ZTE Corporation. All rights reserved. ZTE Confidential Proprietary