Igure, 57 – 802.1x network components – GarrettCom Magnum MNS-6K User Manual

M A G N U M 6 K S W I T C H E S , M N S - 6 K U S E R G U I D E

allowing access to services that are accessible via that port. The authenticator is
responsible for communication with the supplicant and for submitting the information
received from the supplicant to a suitable authentication server. This allows the
verification of user credentials to determine the consequent port authorization state. It is
important to note that the authenticator’s functionality is independent of the actual
authentication method. It effectively acts as a pass-through for the authentication
exchange.

Supplicant

Authenticator

Authentication
Server (RADIUS)

802.1x
Switch

Supplicant

Authenticator

Authentication
Server (RADIUS)

802.1x
Switch

F

IGURE

57 – 802.1x network components

The RADIUS server is the authentication server. The authentication server provides a
standard way of providing Authentication, Authorization, and Accounting services to a
network. Extensible Authentication Protocol (EAP) is an authentication framework which
supports multiple authentication methods. EAP typically runs directly over data link
layers such as PPP or IEEE 802, without requiring IP. EAP over LAN (EAPOL)
encapsulates EAP packets onto 802 frames with a few extensions to handle 802
characteristics. EAP over RADIUS encapsulates EAP packets onto RADIUS packets for
relaying to RADIUS authentication servers.

The details of the 802.1x authentication are shown below

78