Technical data
BMD00136, November 2009 41
CHAPTER 2
Port-based Network Access Control
Port-based Network Access Control provides a means of authenticating and authorizing devices
attached to a LAN port that has point-to-point connection characteristics. It prevents access to ports
that fail authentication and authorization. This feature provides security to ports of the G8000 that
connect to servers.
The following topics are discussed in this section:
“Extensible Authentication Protocol over LAN” on page 41
“802.1X Authentication Process” on page 42
“802.1X Port States” on page 44
“Supported RADIUS Attributes” on page 45
“Configuration Guidelines” on page 46
Extensible Authentication Protocol over LAN
The G8000 can provide user-level security for its ports using the IEEE 802.1X protocol, which is a
more secure alternative to other methods of port-based network access control. Any device attached
to an 802.1X-enabled port that fails authentication is prevented from accessing the network and is
denied the services offered through that port.
The 802.1X standard describes port-based network access control using Extensible Authentication
Protocol over LAN (EAPoL). EAPoL provides a means of authenticating and authorizing devices
attached to a LAN port that has point-to-point connection characteristics and of preventing access to
that port in cases of authentication and authorization failures.
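The following Python example is added here for illustration and is not part of the G8000 documentation. It shows what an EAPoL exchange looks like on the wire by parsing untagged Ethernet frames and extracting the identity a Supplicant presents. The field layout and constants are taken from IEEE 802.1X and RFC 3748 rather than from this guide, and the MAC address, the identity "alice" and both sample frames are constructed.

```python
import struct

EAPOL_ETHERTYPE = 0x888E  # EtherType carried by every EAPoL frame
EAPOL_TYPES = {0: "EAP-Packet", 1: "EAPOL-Start", 2: "EAPOL-Logoff", 3: "EAPOL-Key"}
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPE_IDENTITY = 1


def parse_eap(body: bytes) -> dict:
    """Parse the EAP packet carried inside an EAPoL EAP-Packet frame."""
    if len(body) < 4:
        raise ValueError("truncated EAP header")
    code, ident, length = struct.unpack_from("!BBH", body, 0)
    if length < 4 or length > len(body):
        raise ValueError("EAP length field does not fit the EAPoL body")
    eap = {"code": EAP_CODES.get(code, f"unknown({code})"), "id": ident}
    if code in (1, 2) and length >= 5:  # only Request/Response carry a type
        eap["method"] = body[4]
        if body[4] == EAP_TYPE_IDENTITY:
            eap["identity"] = body[5:length].decode("utf-8", "replace")
    return eap


def parse_eapol(frame: bytes):
    """Describe an untagged EAPoL frame; return None for other traffic."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != EAPOL_ETHERTYPE:
        return None
    if len(frame) < 18:
        raise ValueError("truncated EAPoL header")
    version, ptype, body_len = struct.unpack_from("!BBH", frame, 14)
    body = frame[18:18 + body_len]  # length field excludes Ethernet padding
    if len(body) != body_len:
        raise ValueError("EAPoL length field exceeds captured frame")
    info = {"src": frame[6:12].hex(":"), "version": version,
            "type": EAPOL_TYPES.get(ptype, f"unknown({ptype})")}
    if ptype == 0:
        info["eap"] = parse_eap(body)
    return info


def build(src: bytes, payload: bytes) -> bytes:
    """Constructed sample frame sent to the 802.1X PAE group address."""
    dst = bytes.fromhex("0180c2000003")
    return (dst + src + struct.pack("!H", EAPOL_ETHERTYPE) + payload).ljust(60, b"\x00")


SRC = bytes.fromhex("020000000001")            # constructed supplicant MAC
START = build(SRC, bytes([1, 1, 0, 0]))        # EAPOL-Start, empty body
IDENTITY = build(SRC, bytes([1, 0, 0, 10, 2, 7, 0, 10, 1]) + b"alice")
```

Because an EAP-Response/Identity travels in clear text before any method-specific protection starts, logging the parsed `src` and `identity` on a monitoring port is a simple way to audit which devices are attempting to authenticate.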
EAPoL is a client-server protocol that has the following components:
Supplicant or Client
The Supplicant is a device that requests network access and provides the required credentials
(user name and password) to the Authenticator and the Authenticator Server.