User`s guide

ManualsBrandsSignaMax ManualsComputer equipment065-7726SPOE

111

112

113

114

115

116

117

118

119

120

Signamax







065-7726SPOE / 065-7726SPOE-FP 24-Port 10/100BaseT/TX

PoE Managed Switch User Manual

Publication date: February, 2010

Revision A1.0

107

3-12. 802.1x Configuration

802.1x port-based network access control provides a method to restrict users to access

network resources via authenticating user’s information. This restricts users from gaining

access to the network resources through an 802.1x-enabled port without authentication. If a

user wishes to touch the network through a port under 802.1x control, he (she) must firstly input

his (her) account name for authentication and waits for gaining authorization before sending or

receiving any packets from an 802.1x-enabled port.

Before the devices or end stations can access the network resources through the ports

under 802.1x control, the devices or end stations connected to a controlled port send the

authentication request to the authenticator, the authenticator pass the request to the

authentication server to authenticate and verify, and the server tell the authenticator if the

request get the grant of authorization for the ports.

According to IEEE 802.1x, there are three components implemented. They are

Authenticator, Supplicant and Authentication server shown in Fig. 3-43.

Supplicant:

It is an entity being authenticated by an authenticator. It is used to communicate with

the Authenticator PAE (Port Access Entity) by exchanging the authentication

message when the Authenticator PAE request to it.

Authenticator:

An entity facilitates the authentication of the supplicant entity. It controls the state of

the port, authorized or unauthorized, according to the result of authentication

message exchanged between it and a supplicant PAE. The authenticator may

request the supplicant to re-authenticate itself at a configured time period. Once start

re-authenticating the supplicant, the controlled port keeps in the authorized state

until re-authentication fails.

A port acting as an authenticator is thought to be two logical ports, a controlled port

and an uncontrolled port. A controlled port can only pass the packets when the

authenticator PAE is authorized, and otherwise, an uncontrolled port will

unconditionally pass the packets with PAE group MAC address, which has the value

of 01-80-c2-00-00-03 and will not be forwarded by MAC bridge, at any time.

Authentication server:

A device provides authentication service, through EAP, to an authenticator by using

authentication credentials supplied by the supplicant to determine if the supplicant is

authorized to access the network resource.