beautypg.com

Section 13.2.1 – Westermo RedFox Series User Manual

Page 281

background image

Westermo OS Management Guide

Version 4.17.0-0

13.2.1

Authentication using IEEE 802.1X

WeOS units are able to act as IEEE 802.1X [

15

] authenticators. WeOS uses

the RADIUS[

34

] protocol with extensions for Extensible Authentication Protocol

(EAP[

33

]) to communicate to a backend authentication server.

WeOS neither includes a RADIUS server nor a local authentication server mech-
anism for 802.1X. Instead the 802.1X authentication server must be provided
externally.

As of WeOS v4.17.0, WeOS does not support Authenticator initiation as defined
by §8.4.2.1 in the IEEE 802.1X standard[

15

]. The 802.1X client (supplicant) must

initiate the authentication procedure to gain access

4

.

Fig. 13.5

illustrates the principles of a successful authentication with IEEE 802.1X.

In reality the protocol exchanges several messages between the supplicant, the
authenticator and the RADIUS backend server (see the standard documents for
details). The WeOS unit acts as an IEEE 802.1X authenticator, relaying the EAP
messages to the RADIUS server.

When configuring the 802.1X authenticator in WeOS, the RADIUS server (or group
of RADIUS servers) must be specified. The procedure is as follows:

1. RADIUS server settings (AAA): Enter the appropriate settings for your RA-

DIUS server(s): IP address, password, etc. See

chapter 21

on Authentication,

Authorisation and Accounting (AAA) for more information.

2. Define RADIUS server group (AAA): (Optional) The RADIUS servers can be

grouped together, simplifying configuration in some cases. See

chapter 21

on AAA for more information.

3. Define AAA instance(s) for 802.1X (AAA): To allow individual RADIUS servers

or server groups to be used as 802.1X authentication backends, they need
to be listed in an 802.1X AAA instance. See

chapter 21

on AAA for more

information.

4. Enable 802.1X per VLAN: When 802.1X is enabled on a VLAN, the relevant

AAA instance is defined, thereby defining which RADIUS server(s) to relay
802.1X messages to from this VLAN. See sections

13.3.4

(Web) and

13.4.15

(CLI) for further details.

4

The 802.1X supplicants included with Microsoft Windows, Ubuntu Linux and most other equip-

ment supports supplicant initiation.

➞ 2015 Westermo Teleindustri AB

281

This manual is related to the following products:
See also other documents in the category Westermo Equipment: