Operation Manual
VigorSwitch G1260 User’s Guide
57
While in the authentication process, the message packets, encapsulated by Extensible
Authentication Protocol over LAN (EAPOL), are exchanged between an authenticator PAE
and a supplicant PAE. The Authenticator exchanges the message to authentication server
using EAP encapsulation. Before successfully authenticating, the supplicant can only touch
the authenticator to perform authentication message exchange or access the network from
the uncontrolled port.
In the above figure, this is the typical configuration, a single supplicant, an authenticator
and an authentication server. B and C is in the internal network, D is Authentication server
running RADIUS, switch at the central location acts Authenticator connecting to PC A and
A is a PC outside the controlled port, running Supplicant PAE. In this case, PC A wants to
access the services on device B and C, first, it must exchange the authentication message
with the authenticator on the port it connected via EAPOL packet. The authenticator
transfers the supplicant’s credentials to Authentication server for verification. If success,
the authentication server will notice the authenticator the grant. PC A, then, is allowed to
access B and C via the switch. If there are two switches directly connected together instead
of single one, for the link connecting two switches, it may have to act two port roles at the
end of the link: authenticator and supplicant, because the traffic is bi-directional.
Above figure shows the procedure of 802.1x authentication. There are steps for the login
based on 802.1x port access control management. The protocol used in the right side is
EAPOL and the left side is EAP.