Authentication process, Authentication process 3 – Allied Telesis AT-8100 Series User Manual
AT-8100 Switch Command Line User’s Guide
Authentication Process
Below is a brief overview of the authentication process that occurs
between a supplicant, authenticator, and authentication server. For further
details, refer to the IEEE 802.1x standard.
- Either the authenticator (that is, a switch port) or the supplicant initiates an authentication message exchange. The switch initiates an exchange when it detects a change in the status of a port (such as when the port transitions from no link to valid link), or if it receives a packet on the port with a source MAC address not in the MAC address table.
- An authenticator starts the exchange by sending an EAP-Request/Identity packet. A supplicant starts the exchange with an EAPOL-Start packet, to which the authenticator responds with an EAP-Request/Identity packet.
- The supplicant responds with an EAP-Response/Identity packet to the authentication server via the authenticator.
- The authentication server responds with an EAP-Request packet to the supplicant via the authenticator.
- The supplicant responds with an EAP-Response packet containing a username and password.
- The authentication server sends either an EAP-Success packet or EAP-Reject packet to the supplicant via the authenticator.
- Upon successful authorization of the supplicant by the authentication server, the switch adds the supplicant’s MAC address to the MAC address table as an authorized address and begins forwarding network traffic to and from the authorized supplicant.
- When the supplicant sends an EAPOL-Logoff message, the switch removes the supplicant’s MAC address from the MAC address table, preventing the supplicant from sending or receiving any further traffic from the port.
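The exchange above can be followed in a packet capture by decoding the EAPOL and EAP headers. The following is an added example, not taken from the manual or from the switch firmware: the header layouts follow IEEE 802.1X and RFC 3748, while the function names, the supplicant MAC address, the identity `alice`, and the pairing of each frame with a supplicant MAC are assumptions made for illustration.

```python
import struct

EAPOL_TYPES = {0: "EAP-Packet", 1: "EAPOL-Start", 2: "EAPOL-Logoff"}
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}  # 4 is the page's "EAP-Reject"
EAP_TYPE_IDENTITY = 1

def parse_eapol(payload: bytes) -> dict:
    """Decode an EAPOL payload (the bytes after EtherType 0x888E)."""
    if len(payload) < 4:
        raise ValueError("truncated EAPOL header")
    _version, ptype, length = struct.unpack("!BBH", payload[:4])
    body = payload[4:4 + length]
    if len(body) != length:
        raise ValueError("EAPOL body shorter than declared length")
    msg = {"eapol": EAPOL_TYPES.get(ptype, f"type-{ptype}"), "code": None}
    if ptype == 0:  # EAP packet: code, identifier, length, then optional type and data
        if length < 4:
            raise ValueError("truncated EAP header")
        code, ident, eap_len = struct.unpack("!BBH", body[:4])
        if not 4 <= eap_len <= length:
            raise ValueError("EAP length field out of range")
        msg.update(code=EAP_CODES.get(code, f"code-{code}"), id=ident)
        if code in (1, 2) and eap_len > 4 and body[4] == EAP_TYPE_IDENTITY:
            msg["identity"] = body[5:eap_len].decode("utf-8", "replace")
    return msg

def track_port(events):
    """Return the set of authorized MACs after a list of (supplicant_mac, payload)."""
    authorized = set()
    for mac, payload in events:
        msg = parse_eapol(payload)
        if msg["code"] == "Success":
            authorized.add(mac)        # switch adds the MAC as authorized
        elif msg["code"] == "Failure" or msg["eapol"] == "EAPOL-Logoff":
            authorized.discard(mac)    # rejected or logged off: MAC removed
    return authorized

def eapol(ptype, body=b""):           # helper used only to construct sample frames
    return struct.pack("!BBH", 1, ptype, len(body)) + body
def eap(code, ident, data=b""):
    return eapol(0, struct.pack("!BBH", code, ident, 4 + len(data)) + data)

MAC = "00:00:5e:00:53:01"              # constructed supplicant address
SAMPLE = [                             # constructed exchange, in the page's order
    (MAC, eapol(1)),                   # EAPOL-Start from the supplicant
    (MAC, eap(1, 7, b"\x01")),         # EAP-Request/Identity
    (MAC, eap(2, 7, b"\x01alice")),    # EAP-Response/Identity
    (MAC, eap(3, 8)),                  # EAP-Success
]
```

Appending `(MAC, eapol(2))` to `SAMPLE` models the EAPOL-Logoff step and leaves the authorized set empty again.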