Authentication process, Authenticator ports, Authentication process authenticator ports – Allied Telesis AT-S106 User Manual

AT-S106 Management Software Web Browser User’s Guide
authentication server, this is where the actual verification of the
supplicant user names and passwords is done.
Authentication Process
The authentication process involves communication between the
authenticator and the supplicant using the standard EAPOL transaction to
pass the user name and password of the supplicant to the authenticator.
The authenticator then passes this information to the authentication server
(either remote or local) where the supplicant user name and password are
verified. Once the authentication server notifies the authenticator that the
information is valid, the supplicant is granted access to the switch.
Authenticator Ports
All of the ports on the AT-GS950/48 switch are authenticator ports. An
authenticator port can have one of three settings referred to as the port
control settings. The settings are:
Auto - Activates 802.1x port-based authentication. An authenticator
port with this setting does not forward network traffic to or from the end
node until the client has entered a user name and password that the
authentication server then validates. The port begins in the
unauthorized state, sending and receiving only EAPOL frames. All
other frames, including multicast and broadcast frames, are discarded.
The authentication process begins when the link state of the port
changes or the port receives an EAPOL-Start packet from a
supplicant. The switch requests the identity of the client and begins
relaying authentication prompts between the client and the
authentication server. Each client that attempts to access the network
is uniquely identified by the switch using the client's MAC address.

Force-unauthorized - Places the port in the unauthorized state,
ignoring all attempts by the client to authenticate. This port control
setting blocks all users from accessing the network through the port.
It is similar to disabling a port and can be used to secure a port from
use. The port continues to forward EAPOL packets, but discards all
other packets, including multicast and broadcast packets.

Force-authorized - Disables IEEE 802.1x port-based authentication
and causes the port to transition to the authorized state without any
authentication exchange required. The port transmits and receives
normal traffic without 802.1x-based authentication of the client. This is
the default setting. Use this port control setting for those ports that are
connected to network devices that are not to be authenticated.
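
The three port control settings described above, modeled as a per-port frame filter. This is an added example, not code from the AT-S106 software. The class, method and return-value names are hypothetical, the frames are constructed, and clearing authorizations on a link change is an assumption of the model.

```python
import struct
from dataclasses import dataclass, field

ETH_EAPOL = 0x888E   # EtherType assigned to EAPOL (IEEE 802.1X)
EAPOL_START = 1      # EAPOL packet type 1 = EAPOL-Start

def build_frame(src: str, ethertype: int, payload: bytes = b"") -> bytes:
    """Build a constructed, untagged Ethernet frame (destination is not examined)."""
    src_raw = bytes.fromhex(src.replace(":", ""))
    return b"\xff" * 6 + src_raw + struct.pack("!H", ethertype) + payload

def parse(frame: bytes):
    """Return (source MAC, EtherType, EAPOL packet type or None)."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    src = frame[6:12].hex(":")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    # EAPOL header after the Ethernet header: version(1) type(1) length(2)
    eapol_type = frame[15] if ethertype == ETH_EAPOL and len(frame) >= 18 else None
    return src, ethertype, eapol_type

@dataclass
class AuthenticatorPort:
    control: str = "force-authorized"             # default per the manual
    pending: set = field(default_factory=set)     # MACs mid-authentication
    authorized: set = field(default_factory=set)  # MACs the server accepted

    def link_change(self):
        # Assumption: a link transition discards earlier authorizations.
        self.pending.clear()
        self.authorized.clear()

    def server_result(self, mac: str, accepted: bool):
        # Verdict from the authentication server; only an Auto port acts on it.
        if self.control == "auto" and mac in self.pending:
            self.pending.discard(mac)
            if accepted:
                self.authorized.add(mac)

    def receive(self, frame: bytes) -> str:
        src, ethertype, eapol_type = parse(frame)
        if self.control == "force-authorized":
            return "forward"                      # no 802.1x check on this port
        if ethertype == ETH_EAPOL:
            if self.control != "auto":
                return "eapol-ignored"            # force-unauthorized never authenticates
            if eapol_type == EAPOL_START:
                self.pending.add(src)             # client is tracked by its MAC address
                return "identity-request"
            return "eapol-relay"                  # relayed toward the authentication server
        # Non-EAPOL traffic passes only for a MAC authorized on an Auto port.
        return "forward" if self.control == "auto" and src in self.authorized else "discard"
```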