
Communication between the devices – Brocade BigIron RX Series Configuration Guide User Manual


BigIron RX Series Configuration Guide, 53-1002484-04

How 802.1x port security works

Communication between the devices

For communication between the devices, 802.1x port security uses the Extensible Authentication
Protocol (EAP), defined in RFC 2284. The 802.1x standard specifies a method for encapsulating
EAP messages so that they can be carried over a LAN. This encapsulated form of EAP is known as
EAP over LAN (EAPOL). The standard also specifies a means of transferring the EAPOL information
between the Client/Supplicant, Authenticator, and Authentication Server.

EAPOL messages are passed between the Port Access Entity (PAE) on the Supplicant and the
Authenticator. Figure 135 shows the relationship between the Authenticator PAE and the
Supplicant PAE.

FIGURE 135 Authenticator PAE and supplicant PAE

Authenticator PAE – The Authenticator PAE communicates with the Supplicant PAE, receiving
identifying information from the Supplicant. Acting as a RADIUS client, the Authenticator PAE
passes the Supplicant’s information to the Authentication Server, which decides whether the
Supplicant can gain access to the port. If the Supplicant passes authentication, the Authenticator
PAE grants it access to the port.

Supplicant PAE – The Supplicant PAE supplies information about the Client to the Authenticator
PAE and responds to requests from the Authenticator PAE. The Supplicant PAE can also initiate the
authentication procedure with the Authenticator PAE, as well as send logoff messages.

[Figure 135 labels: Authentication Server; RADIUS Messages; BigIron Device (Authenticator) with Authenticator PAE; EAPOL Messages; 802.1X-Enabled Supplicant with Supplicant PAE]