Configuration; Introduction To 802.1X - 3Com 4200G 12-Port Configuration Manual


21 802.1X CONFIGURATION

Introduction to 802.1x

The 802.1x protocol (802.1x for short) was developed by the IEEE 802 LAN/WAN
committee to address security issues of wireless LANs. It was then used in Ethernet as
a common access control mechanism for LAN ports, mainly to address authentication
and security problems.
802.1x is a port-based network access control protocol. It authenticates and controls
devices requesting access at the level of the ports of LAN access control devices. With
the 802.1x protocol employed, a user-side device can access the LAN only after it
passes authentication. Devices that fail authentication are denied access to the LAN,
as if they were disconnected from it.

Architecture of 802.1x Authentication

802.1x adopts a client/server architecture with three entities: a supplicant system, an
authenticator system, and an authentication server system, as shown in Figure 43.
Figure 43 Architecture of 802.1x authentication
[Figure: diagram labels include Supplicant system, Supplicant PAE, Controlled port, LAN/WLAN]
The supplicant system is an entity residing at one end of the LAN segment and is
authenticated by the authenticator system connected to the other end of the LAN
segment. The supplicant system is usually a user terminal device. An 802.1x
authentication is initiated when a user launches the client program on the supplicant
system. Note that the client program must support EAPoL (Extensible
Authentication Protocol over LANs).
The authenticator system authenticates the supplicant system. The authenticator
system is usually an 802.1x-supported network device (such as an S4200G series
switch). It provides the port (physical or logical) for the supplicant system to access
the LAN.
The authentication server system is an entity that provides authentication service
to the authenticator system. Normally in the form of a RADIUS server, the
authentication server system performs AAA (authentication,
authorization, and accounting). It also stores user information, such as user name,
password, the VLAN a user belongs to, priority, and the ACLs (access control lists)
applied.
[Figure 43, remaining labels: Authenticator system, Services provided by authenticator, Authenticator PAE, Controlled port, Uncontrolled port, Port not authorized, Authentication server system, Authentication server]
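
As an added illustration (not part of the 3Com manual or the switch's own implementation), the Python sketch below models how an authenticator port gates traffic: EAPOL frames always reach the authenticator PAE, while all other frames are dropped until the authentication server accepts the supplicant. The EtherType 0x888E and the EAPOL packet types come from IEEE 802.1X rather than this page; the class, function names and sample addresses are hypothetical, and only untagged frames are handled.

```python
import struct

# Values defined by IEEE 802.1X (assumed here; not stated on the manual page).
EAPOL_ETHERTYPE = 0x888E
EAPOL_TYPES = {0: "EAP-Packet", 1: "EAPOL-Start", 2: "EAPOL-Logoff", 3: "EAPOL-Key"}


def parse_eapol(frame: bytes):
    """Return (version, type_name, body) for an EAPOL frame, or None otherwise."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != EAPOL_ETHERTYPE:
        return None
    if len(frame) < 18:
        raise ValueError("truncated EAPOL header")
    version, ptype, length = struct.unpack("!BBH", frame[14:18])
    body = frame[18:18 + length]  # anything after this is Ethernet padding
    if len(body) != length:
        raise ValueError("EAPOL body shorter than declared length")
    return version, EAPOL_TYPES.get(ptype, f"unknown({ptype})"), body


class AuthenticatorPort:
    """Hypothetical model of one switch port acting as the authenticator."""

    def __init__(self):
        self.authorized = False  # the controlled port starts unauthorized

    def handle(self, frame: bytes) -> str:
        try:
            eapol = parse_eapol(frame)
        except ValueError:
            return "drop-malformed"
        if eapol is None:  # ordinary traffic goes through the controlled port
            return "forward" if self.authorized else "drop-unauthorized"
        type_name = eapol[1]
        if type_name == "EAPOL-Logoff":
            self.authorized = False  # supplicant ended its session
        return f"to-authenticator-pae:{type_name}"  # uncontrolled port path

    def server_result(self, accepted: bool) -> None:
        """Apply the authentication server's decision to the controlled port."""
        self.authorized = accepted


def eth(ethertype: int, payload: bytes) -> bytes:
    """Build a constructed test frame; both MAC addresses are made up."""
    dst, src = bytes.fromhex("020000000002"), bytes.fromhex("020000000001")
    return dst + src + struct.pack("!H", ethertype) + payload
```

A frame whose EAPOL length field exceeds the bytes actually present is treated as malformed and dropped instead of being handed to the PAE.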
