Device Roles - D-Link xStack DGS-3610 Series Configuration Manual

Chapter 37 Configuration of 802.1X
Before the client passes the authentication, only the EAPOL (Extensible Authentication
Protocol over LAN) packets can be transmitted over the network. After successful
authentication, normal data flows can be transmitted over the network.
By using 802.1x, our devices provide Authentication, Authorization, and Accounting (AAA).
Authentication: It is used to check whether a user has the access right, thus restricting

illegal users.
Authorization: It authorizes the services available to users, controlling the rights of valid

users.
Accounting: It records users' use of network resources, providing the supporting data

for charging.
The 802.1x is described in the following aspects as below:

Device Roles


Authentication Initiation and Packet Interaction During Authentication

States of Authorized Users and Unauthorized Users

Topologies of Typical Applications

37.1.1 Device Roles
In the IEEE802.1x standard, there are three roles: supplicant, authenticator, and
authentication server. In practice, they are the Client, network access server (NAS) and
Radius-Server.
Figure 37-1
Roles played in the IEEE802.1x protocol
Supplicant
Supplicant:

The supplicant is a role played by end users, usually a PC. It requests for the access to
network services and responds to the request packets from the authenticator. The supplicant
must run the IEEE 802.1x client. Currently, the most popular the IEEE802.1X client carried
by Windows XP. In addition, we have also launched the STAR Supplicant software compliant
of this standard.
37-2
Authenticator
Authentication
server
DGS-3610 Series Configuration Guide
Roles played in the real application
Work station
PC
Client
Switch