Technical data

BLADE OS 5.1 Application Guide

 Chapter 2: Port-based Network Access Control BMD00136, November 2009

 Authenticator

The Authenticator enforces authentication and controls access to the network. The

Authenticator grants network access based on the information provided by the Supplicant and

the response from the Authentication Server. The Authenticator acts as an intermediary

between the Supplicant and the Authentication Server: requesting identity information from the

client, forwarding that information to the Authentication Server for validation, relaying the

server’s responses to the client, and authorizing network access based on the results of the

authentication exchange. The G8000 acts as an Authenticator.

 Authentication Server,

The Authentication Server validates the credentials provided by the Supplicant to determine if

the Authenticator should grant access to the network. The Authentication Server may be

co-located with the Authenticator. The G8000 relies on external RADIUS servers for

authentication.

Upon a successful authentication of the client by the server, the 802.1X-controlled port transitions

from unauthorized to authorized state, and the client is allowed full access to services through the

port. When the client sends an EAP-Logoff message to the authenticator, the port will transition

from authorized to unauthorized state.

802.1X Authentication Process

The clients and authenticators communicate using Extensible Authentication Protocol (EAP),

which was originally designed to run over PPP, and for which the IEEE 802.1X Standard has

defined an encapsulation method over Ethernet frames, called EAP over LAN (EAPOL).

Figure 1 shows a typical message exchange initiated by the client.