Specifications

Waters Network Systems User’s Manual Page 79
PS-2126M-POE
controlled port remains in the authorized state until re-authentication fails.
A port acting as an authenticator is treated as two logical ports: a controlled port and an
uncontrolled port. The controlled port passes packets only when the authenticator PAE is
in the authorized state. The uncontrolled port, by contrast, unconditionally passes packets
addressed to the PAE group MAC address, 01-80-c2-00-00-03, at any time; a MAC bridge does
not forward frames sent to this address.
Authentication server:
A device that provides authentication service, through EAP, to an authenticator. It uses the
authentication credentials supplied by the supplicant to determine whether the supplicant is
authorized to access the network resource.
The operation flow shown in Figure 5.53 is quite simple. When the Supplicant PAE
issues a request to the Authenticator PAE, the Authenticator and Supplicant exchange
authentication messages. The Authenticator then passes the request to the RADIUS server
for verification. Finally, the RADIUS server replies whether the request is granted or denied.
During the authentication process, messages encapsulated in Extensible
Authentication Protocol over LAN (EAPOL) are exchanged between the authenticator PAE
and the supplicant PAE. The Authenticator exchanges messages with the authentication server
using EAP encapsulation. Until it has authenticated successfully, the supplicant can only reach
the authenticator to exchange authentication messages, or access the network through
the uncontrolled port.
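The controlled/uncontrolled port behaviour described above, modelled as an added example (not code from the manual or the switch firmware). The EAPOL EtherType 0x888E comes from IEEE 802.1X rather than this page; the class and function names, the result strings and the sample frames are constructed for illustration.

```python
import struct

PAE_GROUP_MAC = bytes.fromhex("0180c2000003")  # 01-80-c2-00-00-03, from the text
ETHERTYPE_EAPOL = 0x888E                       # EAPOL EtherType (IEEE 802.1X)


class AuthenticatorPort:
    """Toy model of one physical port split into two logical ports."""

    def __init__(self):
        self.authorized = False  # controlled port starts unauthorized

    def on_radius_reply(self, accepted: bool):
        # An accept authorizes the controlled port; a reject, including a
        # failed re-authentication, returns it to the unauthorized state.
        self.authorized = accepted

    def handle_frame(self, frame: bytes) -> str:
        if len(frame) < 14:
            return "drop: runt frame"
        dst, _src, ethertype = struct.unpack("!6s6sH", frame[:14])
        if dst == PAE_GROUP_MAC:
            # Frames to the PAE group address are never bridged onward.
            if ethertype == ETHERTYPE_EAPOL:
                return "uncontrolled: to PAE"
            return "drop: reserved address, not bridged"
        if self.authorized:
            return "controlled: forward"
        return "controlled: drop (unauthorized)"


def make_frame(dst_hex: str, ethertype: int, payload: bytes = b"") -> bytes:
    """Build a constructed sample frame; the source MAC is made up."""
    src = bytes.fromhex("020000000001")
    return bytes.fromhex(dst_hex) + src + struct.pack("!H", ethertype) + payload


def demo():
    port = AuthenticatorPort()
    eapol_start = make_frame("0180c2000003", ETHERTYPE_EAPOL, b"\x01\x01\x00\x00")
    ipv4 = make_frame("020000000002", 0x0800, b"\x45" + bytes(19))
    results = [port.handle_frame(eapol_start), port.handle_frame(ipv4)]
    port.on_radius_reply(True)    # RADIUS server granted the request
    results.append(port.handle_frame(ipv4))
    port.on_radius_reply(False)   # re-authentication failed
    results += [port.handle_frame(ipv4), port.handle_frame(eapol_start)]
    return results


if __name__ == "__main__":
    print("\n".join(demo()))
```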
Figure 5.43 - Authentication
Figure 5.44 represents a typical configuration: a single supplicant, an authenticator and an
authentication server. B and C are in the internal network, D is the authentication server running
RADIUS, and the switch at the central location acts as the authenticator, connecting to PC A. A is a
PC outside the controlled port, running the Supplicant PAE. In this case, PC A wants to access the
services on devices B and C. It must first exchange authentication messages with the
authenticator on the port it is connected to, via EAPOL packets. The authenticator transfers the
[Figure labels: LAN; Supplicant's System (Supplicant PAE); Authenticator's System (Authenticator PAE; Services Offered by Authenticator, e.g. Bridge Relay; Uncontrolled port; Controlled port; MAC Enable; Port Authorize); Authentication Server's System (Authentication Server)]