
Authentication Process, Authenticator Ports – Allied Telesis AT 8000/8POE User Manual

AT-S81 Management Software User’s Guide

Section I: Using the Menus Interface

Authentication Process

Below is a brief overview of the authentication process that occurs
between a supplicant, authenticator, and authentication server. For further
details, refer to the IEEE 802.1x standard.

Either the authenticator (that is, a switch port) or the
supplicant can initiate an authentication prompt
exchange. The switch initiates an exchange when it
detects a change in the status of a port (such as when
the port transitions from no link to valid link), or if it
receives a packet on the port with a source MAC
address not in the MAC address table.

An authenticator starts the exchange by sending an
EAP-Request/Identity packet. A supplicant starts the
exchange with an EAPOL-Start packet, to which the
authenticator responds with an EAP-Request/Identity
packet.

The supplicant responds with an EAP-Response/Identity
packet to the authentication server via the
authenticator.

The authentication server responds with an EAP-Request
packet to the supplicant via the authenticator.

The supplicant responds with an EAP-Response/MD5
packet containing a username and password.

The authentication server sends either an EAP-Success
packet or EAP-Reject packet to the supplicant.

Upon successful authorization of the supplicant by the
authentication server, the switch adds the supplicant’s
MAC address to the MAC address table as an authorized
address and begins forwarding network traffic to and
from the port.

When the supplicant sends an EAPOL-Logoff prompt,
the switch removes the supplicant’s MAC address from
the MAC address table, preventing the supplicant from
sending or receiving any further traffic from the port.

Authenticator Ports

All of the ports on the AT-8000/8POE Fast Ethernet Switch are
authenticator ports. An authenticator port can have one of three settings.
These settings are referred to as the port control settings. The settings
are:

Auto - Activates 802.1x authentication. An
authenticator port with this setting does not forward
network traffic to or from the end node until the client
has entered a username and password that the
authentication server must validate. The port begins in
the unauthorized state, sending and receiving only