Microsens MS453522M User Manual
Page 119
MICROSENS 8 Port Gigabit Ethernet Switch
User’s Manual
114
The Fig. 3-54 shows the procedure of 802.1X authentication. There are steps for the login
based on 802.1X port access control management. The protocol used in the right side is EAPOL
and the left side is EAP.
1.
At the initial stage, the supplicant A is unauthenticated and a port on switch
acting as an authenticator is in unauthorized state. So the access is blocked in
this stage.
2.
Initiating a session. Either authenticator or supplicant can initiate the message
exchange. If supplicant initiates the process, it sends EAPOL-start packet to the
authenticator PAE and authenticator will immediately respond EAP-
Request/Identity packet.
3. The authenticator always periodically sends EAP-Request/Identity to the
supplicant for requesting the identity it wants to be authenticated.
4.
If the authenticator doesn’t send EAP-Request/Identity, the supplicant will
initiate EAPOL-Start the process by sending to the authenticator.
5.
And next, the Supplicant replies an EAP-Response/Identity to the authenticator.
The authenticator will embed the user ID into Radius-Access-Request command
and send it to the authentication server for confirming its identity.
6.
After receiving the Radius-Access-Request, the authentication server sends
Radius-Access-Challenge to the supplicant for asking for inputting user password
via the authenticator PAE.
7.
The supplicant will convert user password into the credential information,
perhaps, in MD5 format and replies an EAP-Response with this credential
information as well as the specified authentication algorithm (MD5 or OTP) to
Authentication server via the authenticator PAE. As per the value of the type
field in message PDU, the authentication server knows which algorithm should
be applied to authenticate the credential information, EAP-MD5 (Message Digest
5) or EAP-OTP (One Time Password) or other else algorithm.
Supplicant A
B
C
Authentication server
Authenticator
Fig. 3-53