2 the work mechanism of 802.1x – QTECH QSW-3400 Инструкция по настройке User Manual
Page 322
+7(495) 797-3311 www.qtech.ru
Москва, Новозаводская ул., 18, стр. 1
321
The uncontrolled port is always in bi-directionally connected status, and mainly used to
transmit EAPOL protocol frames, to guarantee that the supplicant systems can always
send or receive authentication messages.
The controlled port is in connected status authenticated to transmit service messages.
When unauthenticated, no message from supplicant systems is allowed to be received.
The controlled and uncontrolled ports are two parts of one port, which means each
frame reaching this port is visible on both the controlled and uncontrolled ports.
3. Controlled direction
In unauthenticated status, controlled ports can be set as unidirectional controlled or bi-
directionally controlled.
When the port is bi-directionally controlled, the sending and receiving of all frames is
forbidden.
When the port is unidirectional controlled, no frames can be received from the
supplicant systems while sending frames to the supplicant systems is allowed.
Notes: At present, this kind of switch only supports unidirectional control.
40.1.2 The Work Mechanism of 802.1x
IEEE 802.1x authentication system uses EAP (Extensible Authentication Protocol) to
implement exchange of authentication information between the supplicant system,
authenticator system and authentication server system.
the Work Mechanism of 802.1x
EAP messages adopt EAPOL encapsulation format between the PAE of the supplicant
system and the PAE of the authenticator system in the environment of LAN.
Between the PAE of the authenticator system and the RADIUS server, there are two
methods to exchange information: one method is that EAP messages adopt EAPOR
(EAP over RADIUS) encapsulation format in RADIUS protocol; the other is that EAP
messages terminate with the PAE of the authenticator system, and adopt the
messages containing RAP (Password Authentication Protocol) or CHAP (Challenge