Port A1 Configured as an
Figure 8-2. Example of Supplicant Operation
ii. If the client is successfully authenticated and authorized to con-
nect to the network, then the switch allows access to the client.
Otherwise, access is denied and the port remains blocked.
Switch-Port Supplicant Operation
This operation provides security on links between 802.1X-aware switches. For
example, suppose that you want to connect two switches, where:
Switch "A" has port A1 configured for 802.1X supplicant operation.
You want to connect port A1 on switch "A" to port B5 on switch "B".
When port A1 on switch "A" is first connected to a port on switch "B", or
if the ports are already connected and either switch reboots, port A1
begins sending start packets to port B5 on switch "B".
If, after the supplicant port sends the configured number of start
packets, it does not receive a response, it assumes that switch "B" is
not 802.1X-aware, and transitions to the authenticated state. If switch
"B" is operating properly and is not 802.1X-aware, then the link should
begin functioning normally, but without 802.1X security.
If, after sending one or more start packets, port A1 receives a request
packet from port B5, then switch "B" is operating as an 802.1X
authenticator. The supplicant port then sends a response/ID packet.
Switch "B" forwards this request to a RADIUS server.
The RADIUS server then responds with an MD5 access challenge that
switch "B" forwards to port A1 on switch "A".
Configuring Port-Based and Client-Based Access Control (802.1X)
General 802.1X Authenticator Operation