Table of Contents
Advertisement
9. When the authenticator PAE receives a Radius-Access-Accept, it will send an EAP-Success to the supplicant.
At this time, the supplicant is authorized and the port connected to the supplicant and under 802.1x
control is in the authorized state. The supplicant and other devices connected to this port can access the
network. If the authenticator receives a Radius-Access-Reject, it will send an EAP-Failure to the supplicant.
This means the supplicant is failed to authenticate. The port it connected is in the unauthorized state, the
supplicant and the devices connected to this port won't be allowed to access the network.
10. When the supplicant issue an EAP-Logoff message to Authentication server, the port you are using is set
to be unauthorized.
PC
EAPOL-Start
EAP-Response/Identity
EAP-Response (cred)
Only MultiHost 802.1X is the type of authentication supported in the switch. In this mode, for the devices
connected to this port, once a supplicant is authorized, the devices connected to this port can access the
network resource through this port.
802.1x Port-based Network Access Control function supported by the switch is little bit complex, for it just
support basic Multihost mode, which can distinguish the device's MAC address and its VID. The following table
is the summary of the combination of the authentication status and the port status versus the status of port
mode, set in 802.1x Port mode, port control state, set in 802.1x port setting. Here Entry Authorized means
MAC entry is authorized.
Port connect
EAPOL
EAP-Request/Identity
EAP-Request
EAP-Success
EAP-Failure
EAP-Logoff
CHAPTER 4: Web-Based Management
Bridge
LAN
Access blocked
Authenticator
Radius-Access-Request
Radius-Access-Request
Access allowed
Figure 4-3.
Radius Server
EAP
Radius
Radius-Access-Challenge
Radius-Access-Accept
79
Advertisement
Table of Contents
