Installation manual
Operation Manual - Security
Quidway S3000-EI Series Ethernet Switches
Chapter 1 802.1x Configuration
Huawei Technologies Proprietary
exchange information through the EAPoL (Extensible Authentication Protocol over
LANs) frame defined by IEEE 802.1x. Authentication data are encapsulated in the EAP
frame, which is in turn encapsulated in the packets of other AAA upper layer protocols
(e.g. RADIUS) so as to go through the complicated network to reach the Authentication
Server. This procedure is called EAP Relay.
There are two types of ports for the Authenticator. One is the Uncontrolled Port, and the
other is the Controlled Port. The Uncontrolled Port is always in bi-directional connection
state. The user can access and share the network resources any time through the ports.
The Controlled Port will be in connecting state only after the user passes the
authentication. Then the user is allowed to access the network resources.
[Figure labels: Supplicant System (Supplicant); Authenticator System (Authenticator PAE, Controlled Port, Uncontrolled Port, Port unauthorized, Services offered by Authenticator's System); Authenticator Server System (Authenticator Server); LAN; EAPoL; EAP protocol exchanges carried in higher layer protocol]
Figure 1-1 802.1x system architecture
1.1.3 802.1x Authentication Process
802.1x uses the EAP frame to carry the authentication information. The Standard
defines the following types of EAP frames:
• EAP-Packet: Authentication information frame, used to carry the authentication
information.
• EAPoL-Start: Authentication originating frame, actively originated by the
Supplicant.
• EAPoL-Logoff: Logoff request frame, actively terminating the authenticated state.
• EAPoL-Key: Key information frame, which supports encryption of the EAP packets.
• EAPoL-Encapsulated-ASF-Alert: Supports the Alerting message of the Alert Standard
Forum (ASF).
The EAPoL-Start, EAPoL-Logoff and EAPoL-Key only exist between the Supplicant
and the Authenticator. The EAP-Packet information is re-encapsulated by the
Authenticator System and then transmitted to the Authentication Server System. The
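
The frame types listed above are distinguished on the wire by the Packet Type byte of the EAPoL header. The following is an added example, not taken from the manual: it parses an Ethernet frame, names the EAPoL type and marks whether the Authenticator would relay it toward the Authentication Server. The EtherType 0x888E, the type numbers 0 to 4 and the PAE group address are taken from IEEE 802.1X rather than from this page; the helper `build`, the supplicant MAC address and the sample frames are constructed for illustration.

```python
import struct

EAPOL_ETHERTYPE = 0x888E   # EtherType assigned to EAPoL by IEEE 802.1X
PAE_GROUP_MAC = bytes.fromhex("0180c2000003")  # PAE group address (IEEE 802.1X)
# Packet Type field values from IEEE 802.1X, named as in the manual's list.
EAPOL_TYPES = {0: "EAP-Packet", 1: "EAPoL-Start", 2: "EAPoL-Logoff",
               3: "EAPoL-Key", 4: "EAPoL-Encapsulated-ASF-Alert"}

def parse_eapol(frame: bytes) -> dict:
    """Parse one untagged Ethernet II frame that should carry EAPoL."""
    if len(frame) < 18:
        raise ValueError("too short for Ethernet + EAPoL headers")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != EAPOL_ETHERTYPE:
        raise ValueError(f"EtherType {ethertype:#06x} is not EAPoL")
    version, ptype, body_len = struct.unpack("!BBH", frame[14:18])
    body = frame[18:18 + body_len]      # ignores Ethernet padding after the body
    if len(body) != body_len:
        raise ValueError("EAPoL body shorter than its length field")
    name = EAPOL_TYPES.get(ptype, f"unknown({ptype})")
    return {"src": src.hex(":"), "version": version, "type": name, "body": body,
            # Only EAP-Packet is re-encapsulated toward the Authentication Server;
            # the other types stay between Supplicant and Authenticator.
            "relayed": name == "EAP-Packet"}

def build(src: bytes, ptype: int, body: bytes = b"") -> bytes:
    """Hypothetical helper: constructed sample frame, version 1, padded to 60 bytes."""
    hdr = struct.pack("!6s6sHBBH", PAE_GROUP_MAC, src, EAPOL_ETHERTYPE,
                      1, ptype, len(body))
    return (hdr + body).ljust(60, b"\x00")

# Constructed samples: Start, an EAP Response/Identity for "alice", then Logoff.
SUPPLICANT = bytes.fromhex("020000000001")
IDENTITY = struct.pack("!BBHB", 2, 1, 10, 1) + b"alice"  # code=2 id=1 len=10 type=1
SAMPLES = [build(SUPPLICANT, 1), build(SUPPLICANT, 0, IDENTITY), build(SUPPLICANT, 2)]

if __name__ == "__main__":
    for raw in SAMPLES:
        f = parse_eapol(raw)
        dest = "relay to Authentication Server" if f["relayed"] else "handled by Authenticator"
        print(f'{f["src"]} {f["type"]:<14} body={len(f["body"])}B -> {dest}')
```
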