Authentication process – Allied Telesis AT-S60 User Manual

AT-S60 Management Software User’s Guide

Section V: Security Features

❑ Authentication server - The authentication server is the network
device that has the RADIUS server software. This is the device that
does the actual authenticating of the user names and passwords
from the supplicants.

The AT-8400 switch does not authenticate the usernames and passwords
from the clients. Instead, the switch acts as an intermediary between a
supplicant and the authentication server during the authentication
process.

Note

Ports under 802.1x control do not support trunking, STP, or static
and dynamic learning. In addition, ports under 802.1x control must
be a member of only one VLAN.

Authentication Process

Below is a brief overview of the authentication process that occurs
between a supplicant, authenticator, and authentication server. For
further details, refer to the IEEE 802.1x standard.

1. An authentication message exchange can be initiated by either the
authenticator port or the supplicant port. The switch initiates an
exchange when it detects a change in the status of a port (such as
when the port transitions from no link to valid link), or if it receives a
packet on the port with a source MAC address not in the MAC address
table.

An authenticator starts the exchange by sending an
EAP-Request/Identity packet. A supplicant starts the exchange with an
EAPOL-Start packet, to which the authenticator responds with an
EAP-Request/Identity packet.

2. The supplicant responds with an EAP-Response/Identity packet to
the authentication server via the authenticator.

3. The authentication server responds with an EAP-Request packet to
the supplicant via the authenticator.

4. The supplicant responds with an EAP-Response/MD5 packet
containing a username and password. This packet is sent to the
authentication server via the authenticator.

5. The authentication server sends either an EAP-Success packet or an
EAP-Reject packet to the supplicant via the authenticator.

6. Upon successful authorization of the supplicant by the
authentication server, the switch adds the supplicant’s MAC address
to the MAC address table as an authorized address and begins
forwarding network traffic to and from the port.
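
The following decoder is an added example, not part of the Allied Telesis manual or the AT-S60 software. It labels each frame of the exchange in steps 1 to 5 as it would appear in a capture on a supplicant port. The numeric EAPOL and EAP field values are taken from IEEE 802.1X and RFC 3748 rather than from this page, and the frames, the user name "alice" and the helper names are constructed for illustration.

```python
import struct

# Field values from IEEE 802.1X / RFC 3748 (assumption: not listed in the manual).
EAPOL_TYPES = {0: "EAP-Packet", 1: "EAPOL-Start", 2: "EAPOL-Logoff"}
# Code 4 is named Failure in RFC 3748; it is the rejection packet of step 5.
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 4: "MD5-Challenge"}

def decode_eapol(payload: bytes) -> str:
    """Label one EAPOL payload (the bytes that follow EtherType 0x888E)."""
    if len(payload) < 4:
        raise ValueError("truncated EAPOL header")
    _version, ptype, body_len = struct.unpack("!BBH", payload[:4])
    body = payload[4:4 + body_len]
    if len(body) < body_len:
        raise ValueError("EAPOL body shorter than declared length")
    if ptype != 0:                      # Start/Logoff carry no EAP packet
        return EAPOL_TYPES.get(ptype, f"EAPOL-type-{ptype}")
    if len(body) < 4:
        raise ValueError("truncated EAP header")
    code, _ident, eap_len = struct.unpack("!BBH", body[:4])
    if eap_len < 4 or eap_len > len(body):
        raise ValueError("EAP length field inconsistent with frame")
    name = "EAP-" + EAP_CODES.get(code, f"code-{code}")
    if code in (1, 2):                  # only Request/Response have a Type byte
        if eap_len < 5:
            raise ValueError("Request/Response without a Type field")
        name += "/" + EAP_TYPES.get(body[4], f"type-{body[4]}")
    return name

def eap(code: int, ident: int, data: bytes = b"") -> bytes:
    """Hypothetical helper: wrap an EAP packet in an EAPOL v1 EAP-Packet frame."""
    pkt = struct.pack("!BBH", code, ident, 4 + len(data)) + data
    return struct.pack("!BBH", 1, 0, len(pkt)) + pkt

# Constructed sample exchange (not captured traffic), one frame per step.
SAMPLE_EXCHANGE = [
    struct.pack("!BBH", 1, 1, 0),                    # supplicant: EAPOL-Start
    eap(1, 1, b"\x01"),                              # step 1: Request/Identity
    eap(2, 1, b"\x01" + b"alice"),                   # step 2: Response/Identity
    eap(1, 2, b"\x04\x10" + bytes(16)),              # step 3: Request (MD5)
    eap(2, 2, b"\x04\x10" + bytes(16) + b"alice"),   # step 4: Response/MD5
    eap(3, 2),                                       # step 5: Success
]

def label_exchange(frames):
    return [decode_eapol(f) for f in frames]

if __name__ == "__main__":
    print("\n".join(label_exchange(SAMPLE_EXCHANGE)))
```
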