Igure, 68 – 802.1x network components – GarrettCom MNS-6K 4.1.4 User Manual

M A G N U M 6 K S W I T C H E S , M N S - 6 K U S E R G U I D E

received from the supplicant to a suitable authentication server. This allows the
verification of user credentials to determine the consequent port authorization state. It is
important to note that the authenticator’s functionality is independent of the actual
authentication method. It effectively acts as a pass-through for the authentication
exchange.

F

IGURE

68 – 802.1x network components

Supplicant

Authenticator

Authentication
Server (RADIUS)

802.1x
Switch

Supplicant

Authenticator

Authentication
Server (RADIUS)

802.1x
Switch

The RADIUS server is the authentication server. The authentication server provides a
standard way of providing Authentication, Authorization, and Accounting services to a
network. Extensible Authentication Protocol (EAP) is an authentication framework which
supports multiple authentication methods. EAP typically runs directly over data link
layers such as PPP or IEEE 802, without requiring IP. EAP over LAN (EAPOL)
encapsulates EAP packets onto 802 frames with a few extensions to handle 802
characteristics. EAP over RADIUS encapsulates EAP packets onto RADIUS packets for
relaying to RADIUS authentication servers.

The details of the 802.1x authentication are shown below

107