Communication between the devices – Brocade TurboIron 24X Series Configuration Guide User Manual
Page 976

942
Brocade TurboIron 24X Series Configuration Guide
53-1003053-01
How 802.1X port security works
illustrates these roles.
FIGURE 114
Authenticator, client/supplicant, and authentication server in an 802.1X
configuration
Authenticator – The device that controls access to the network. In an 802.1X configuration, the
device serves as the Authenticator. The Authenticator passes messages between the Client and
the Authentication Server. Based on the identity information supplied by the Client, and the
authentication information supplied by the Authentication Server, the Authenticator either grants or
does not grant network access to the Client.
Client/Supplicant – The device that seeks to gain access to the network. Clients must be running
software that supports the 802.1X standard (for example, the Windows XP operating system).
Clients can either be directly connected to a port on the Authenticator, or can be connected by way
of a hub.
Authentication server – The device that validates the Client and specifies whether or not the Client
may access services on the device. Authentication Servers running RADIUS is supported.
Communication between the devices
For communication between the devices, 802.1X port security uses the Extensible Authentication
Protocol (EAP), defined in RFC 2284. The 802.1X standard specifies a method for encapsulating
EAP messages so that they can be carried over a LAN. This encapsulated form of EAP is known as
EAP over LAN (EAPOL). The standard also specifies a means of transferring the EAPOL information
between the Client/Supplicant, Authenticator, and Authentication Server.
Client/Supplicant
RADIUS Server
(Authentication Server)
Switch
(Authenticator)