Configuration Guide Vol. 2


6.1 IEEE 802.1X Overview

The IEEE 802.1X authentication functionality prevents unauthorized clients from connecting to the network. A back-end authentication server, typically a RADIUS server, authenticates each terminal before making available any services offered by the Switch.

The following table describes the entities involved in IEEE 802.1X authentication, and how they interact.

Table 6-1: Components and operation summary

| Component | Role |
|---|---|
| Switch (authenticator) | The authenticator controls access to the LAN and relays authentication information between the supplicant and the authentication server. EAP Over LAN (EAPOL) carries authentication traffic between the terminal and the Switch. Messages between the Switch and the authentication server are encapsulated into EAP over RADIUS. In this chapter, the term Switch refers to the Switch itself, and authenticator refers to the authenticator software running on the Switch. |
| Terminal (supplicant) | The terminal uses EAPOL packets to send its authentication information to the Switch. In this manual, the terms terminal and supplicant include the terminal itself and the supplicant software running on it. The term supplicant software refers only to the software that provides supplicant functionality. |
| Authentication server | Performs the actual authentication of the terminal. The authentication server verifies the identity of the terminal and notifies the Switch as to whether the terminal is authorized to access the Switch services. |

In a standard IEEE 802.1X configuration, terminals are connected directly to the ports of the Switch. The following figure describes the basic model of IEEE 802.1X authentication using a Switch.

Figure 6-1: IEEE 802.1X basic configuration

[Figure Data]

The Switch also supports the authentication of multiple terminals attached to a single port (via multiple-terminal mode and terminal authentication mode). This allows you to configure a topology in which the number of ports does not limit the number of terminals, by positioning an L2 switch or hub between the terminals and the Switch. For this configuration to work, the L2 switch between the terminals and the Switch must be configured to forward EAPOL packets. The following figure shows the configuration.

Figure 6-2: IEEE 802.1X configuration with L2 switching between terminals

[Figure Data]
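The forwarding requirement above can be checked on a capture taken at the intermediate L2 switch. The following sketch is an added example, not part of the original guide: it decodes an EAPOL frame and flags destinations in the 01-80-C2-00-00-0x range, which a standard bridge does not relay unless configured to. The MAC addresses and frames are constructed samples.

```python
import struct

EAPOL_ETHERTYPE = 0x888E                       # EtherType assigned to EAPOL
RESERVED_PREFIX = bytes.fromhex("0180c20000")  # 01-80-C2-00-00-0x bridge-filtered range
EAPOL_TYPES = {0: "EAP-Packet", 1: "EAPOL-Start", 2: "EAPOL-Logoff", 3: "EAPOL-Key"}
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}


def parse_eapol(frame: bytes):
    """Decode an untagged Ethernet frame; return None if it is not EAPOL."""
    if len(frame) < 18:                        # 14-byte Ethernet + 4-byte EAPOL header
        return None
    dst = frame[0:6]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != EAPOL_ETHERTYPE:
        return None
    version, ptype, length = struct.unpack("!BBH", frame[14:18])
    body = frame[18:18 + length]               # ignores any Ethernet padding
    if len(body) != length:
        raise ValueError("EAPOL body shorter than its length field")
    info = {
        "version": version,
        "eapol_type": EAPOL_TYPES.get(ptype, f"unknown({ptype})"),
        # Destinations 01-80-C2-00-00-00..0F are not relayed by a standard
        # bridge, so the intermediate L2 switch must be told to forward them.
        "bridge_filtered": dst[:5] == RESERVED_PREFIX and dst[5] <= 0x0F,
    }
    if ptype == 0 and length >= 4:             # EAP-Packet carries an EAP header
        code, ident, _eap_len = struct.unpack("!BBH", body[:4])
        info["eap_code"] = EAP_CODES.get(code, f"unknown({code})")
        info["eap_id"] = ident
    return info


# Constructed sample frames (MAC addresses are made up, locally administered).
START = bytes.fromhex("0180c2000003" "020000000001" "888e" "01010000")
REQUEST_ID = bytes.fromhex("020000000001" "020000000002" "888e" "01000005" "0101000501")
IPV4 = bytes.fromhex("020000000001" "020000000002" "0800" "45000014")

if __name__ == "__main__":
    for name, frame in (("start", START), ("request", REQUEST_ID), ("ipv4", IPV4)):
        print(name, parse_eapol(frame))
```

If EAPOL-Start frames are visible on the terminal side of the intermediate switch but never on the Switch side, the intermediate device is filtering them.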
