
The work mechanism of 802.1x – PLANET WGSW-52040 User Manual


access the LAN via the authentication server system, and deal with the authenticated/unauthenticated state of the controlled port according to the result of the authentication. The authenticated state means the user is allowed to access the network resources; the unauthenticated state means only EAPOL messages are allowed to be received and sent, while the user is forbidden to access network resources.

2. Controlled/uncontrolled ports

The authenticator system provides ports to access the LAN for the supplicant systems. These ports can be divided into two kinds of logical ports: controlled ports and uncontrolled ports.

The uncontrolled port is always in bi-directionally connected status and is mainly used to transmit EAPOL protocol frames, to guarantee that the supplicant systems can always send or receive authentication messages.

The controlled port is in connected status when authenticated, to transmit service messages. When unauthenticated, no message from supplicant systems is allowed to be received.

The controlled and uncontrolled ports are two parts of one port, which means each frame reaching this port is visible on both the controlled and uncontrolled ports.

3. Controlled direction

In unauthenticated status, controlled ports can be set as unidirectionally controlled or bi-directionally controlled.

When the port is bi-directionally controlled, the sending and receiving of all frames is forbidden.

When the port is unidirectionally controlled, no frames can be received from the supplicant systems, while sending frames to the supplicant systems is allowed.

Notes: At present, this kind of switch only supports unidirectional control.
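The forwarding rules described in items 2 and 3 can be modelled as a small decision function. This is an added example, not code from the manual or the switch firmware; the function and constant names, the MAC addresses and the sample frames are constructed, and frames are assumed to be untagged Ethernet II.

```python
import struct
from enum import Enum

EAPOL_ETHERTYPE = 0x888E                       # EtherType of EAP over LAN
PAE_GROUP_MAC = bytes.fromhex("0180c2000003")  # 802.1X PAE group address

class Direction(Enum):
    FROM_SUPPLICANT = 1   # frame received from the attached device
    TO_SUPPLICANT = 2     # frame the switch would send to the device

class ControlMode(Enum):
    BIDIRECTIONAL = 1     # unauthenticated: block both directions
    UNIDIRECTIONAL = 2    # unauthenticated: block only frames from the supplicant

def build_frame(dst, src, ethertype, payload=b""):
    """Assemble an untagged Ethernet II frame (constructed test input)."""
    return dst + src + struct.pack("!H", ethertype) + payload

def decide(frame, direction, authenticated, mode=ControlMode.UNIDIRECTIONAL):
    """Return 'forward-eapol', 'forward-service' or 'drop' for one frame."""
    if len(frame) < 14:                        # no complete Ethernet header
        return "drop"
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype == EAPOL_ETHERTYPE:           # uncontrolled port: always open
        return "forward-eapol"
    if authenticated:                          # controlled port is connected
        return "forward-service"
    # Unauthenticated controlled port: only unidirectional control lets
    # frames out towards the supplicant; nothing is accepted from it.
    if mode is ControlMode.UNIDIRECTIONAL and direction is Direction.TO_SUPPLICANT:
        return "forward-service"
    return "drop"

# Constructed sample frames (locally administered MAC addresses).
HOST = bytes.fromhex("020000000001")
SWITCH = bytes.fromhex("020000000002")
EAPOL_START = build_frame(PAE_GROUP_MAC, HOST, EAPOL_ETHERTYPE, b"\x01\x01\x00\x00")
IPV4_IN = build_frame(SWITCH, HOST, 0x0800, b"\x45" + bytes(19))
IPV4_OUT = build_frame(HOST, SWITCH, 0x0800, b"\x45" + bytes(19))

if __name__ == "__main__":
    samples = [("EAPOL-Start in", EAPOL_START, Direction.FROM_SUPPLICANT),
               ("IPv4 in", IPV4_IN, Direction.FROM_SUPPLICANT),
               ("IPv4 out", IPV4_OUT, Direction.TO_SUPPLICANT)]
    for mode in ControlMode:
        for auth in (False, True):
            for name, frame, direction in samples:
                print(mode.name, "auth" if auth else "unauth", name,
                      "->", decide(frame, direction, auth, mode))
```

The default mode is unidirectional because, per the note above, that is the only mode this switch supports; in that mode an unauthenticated port still passes frames towards the supplicant.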

42.1.2 The Work Mechanism of 802.1x

The IEEE 802.1x authentication system uses EAP (Extensible Authentication Protocol) to exchange authentication information between the supplicant system, authenticator system and authentication server system.

Figure 42-2: the Work Mechanism of 802.1x

EAP messages adopt EAPOL encapsulation format between the PAE of the supplicant
