Manualshelf

Specifications

ManualsBrandsBlade Network Technologies ManualsComputer AccessoriesG8000
111112113114115116117118119120
96 Implementing IBM System Networking 10Gb Ethernet Switches
The 802.1X standard describes port-based network access control by using Extensible
Authentication Protocol over LAN (EAPoL). EAPoL provides a means of authenticating and
authorizing devices attached to a LAN port that has point-to-point connection characteristics
and of preventing access to that port in cases of authentication and authorization failures.
EAPoL is a client-server protocol that has the following components:
򐂰 Supplicant or Client
The Supplicant is a device that requests network access and provides the required
credentials (user name and password) to the Authenticator and the Authenticator Server.
򐂰 Authenticator
The Authenticator enforces authentication and controls access to the network. The
Authenticator grants network access based on the information provided by the Supplicant
and the response from the Authentication Server. The Authenticator acts as an
intermediary between the Supplicant and the Authentication Server: requesting identity
information from the client, forwarding that information to the Authentication Server for
validation, relaying the server’s responses to the client, and authorizing network access
based on the results of the authentication exchange. The IBM System Networking switch
acts as an Authenticator.
򐂰 Authentication Server
The Authentication Server validates the credentials provided by the Supplicant to
determine whether the Authenticator should grant access to the network. The
Authentication Server may be co-located with the Authenticator. The VFSM relies on
external RADIUS servers for authentication.
Upon a successful authentication of the client by the server, the 802.1X-controlled port
transitions from unauthorized to authorized state, and the client is allowed full access to
services through the port. When the client sends an EAP-Logoff message to the
authenticator, the port transitions from an authorized to unauthorized state.
EAPoL authentication process
The clients and authenticators communicate by using Extensible Authentication Protocol
(EAP), which was originally designed to run over PPP, and for which the IEEE 802.1X
Standard defined an encapsulation method over Ethernet frames, called EAP over
LAN (EAPoL).