Technical data

BLADE OS 5.1 Application Guide
Chapter 2: Port-based Network Access Control BMD00136, November 2009
The RADIUS authentication server chooses an EAP-supported authentication algorithm to verify
the client’s identity, and sends an EAP-Request packet to the client via the G8000 authenticator. The
client then replies to the RADIUS server with an EAP-Response containing its credentials.
Upon a successful authentication of the client by the server, the 802.1X-controlled port transitions
from unauthorized to authorized state, and the client is allowed full access to services through the
controlled port. When the client later sends an EAPOL-Logoff message to the G8000 authenticator,
the port transitions from authorized to unauthorized state.
If a client that does not support 802.1X connects to an 802.1X-controlled port, the G8000
authenticator requests the client's identity when it detects a change in the operational state of the
port. The client does not respond to the request, and the port remains in the unauthorized state.
Note – When an 802.1X-enabled client connects to a port that is not 802.1X-controlled, the client
initiates the authentication process by sending an EAPOL-Start frame. When no response is
received, the client retransmits the request a fixed number of times. If there is still no response,
the client assumes the port is in the authorized state and begins sending frames, even if the port is
unauthorized.
802.1X Port States
The state of the port determines whether the client is granted access to the network, as follows:
Unauthorized
While in this state, the port discards all ingress and egress traffic except EAP packets.
Authorized
When the client is successfully authenticated, the port transitions to the authorized state,
allowing all traffic to and from the client to flow normally.
Force Unauthorized
A configurable state that denies all access to the port.
Force Authorized
A configurable state that allows full access to the port.
Use the 802.1X global configuration commands (dot1x) to configure 802.1X authentication for all
ports in the switch. Use the 802.1X port commands to configure a single port.
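The port states described above can be modelled as a small ingress filter. This is an added example, not code from the guide or from BLADE OS; the class and function names, the sample MAC addresses, and the handling of EAPOL frames in the two forced states are assumptions of the example.

```python
import struct
from enum import Enum

ETH_P_EAPOL = 0x888E   # EtherType assigned to EAPOL (IEEE 802.1X)
EAPOL_LOGOFF = 2       # EAPOL packet type for EAPOL-Logoff

class Control(Enum):   # administrative port setting (names are hypothetical)
    AUTO = "auto"
    FORCE_UNAUTH = "force-unauthorized"
    FORCE_AUTH = "force-authorized"

class Port:
    """Model of one 802.1X-controlled port on the authenticator."""
    def __init__(self, control=Control.AUTO):
        self.control = control
        self.authenticated = False   # last verdict from the RADIUS server

    @property
    def authorized(self):
        if self.control is Control.FORCE_AUTH:
            return True
        if self.control is Control.FORCE_UNAUTH:
            return False
        return self.authenticated

    def radius_result(self, success):
        """Record the authentication server's verdict for the client."""
        self.authenticated = bool(success)

    def ingress(self, frame):
        """Classify a client frame as 'eapol', 'forward' or 'drop'."""
        # Assumption: Force Unauthorized drops everything, EAPOL included.
        if len(frame) < 14 or self.control is Control.FORCE_UNAUTH:
            return "drop"
        (ethertype,) = struct.unpack("!H", frame[12:14])
        if ethertype == ETH_P_EAPOL:
            # EAPOL header after the Ethernet header: version, type, length
            if len(frame) >= 16 and frame[15] == EAPOL_LOGOFF:
                self.authenticated = False   # authorized -> unauthorized
            return "eapol"                   # handed to the authenticator
        return "forward" if self.authorized else "drop"

def make_frame(ethertype, payload=b""):
    """Build a constructed Ethernet frame with sample addresses."""
    dst = bytes.fromhex("0180c2000003")   # PAE group address
    src = bytes.fromhex("020000000001")   # constructed sample client MAC
    return dst + src + struct.pack("!H", ethertype) + payload
```

The model covers ingress only; egress filtering on an unauthorized port follows the same authorized check.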