Security: 802.1X Authentication
Overview
Cisco 350, 350X and 550X Series Managed Switches, Firmware Release 2.4, ver 0.4 353
18
Multiple methods can run at the same time. When one method finishes successfully, the client
becomes authorized, the methods with lower priority are stopped and the methods with higher
priority continue.
When one of authentication methods running simultaneously fails, the other methods
continue.
When an authentication method finishes successfully for a client authenticated by an
authentication method with a lower priority, the attributes of the new authentication method
are applied. When the new method fails, the client is left authorized with the old method.
802.1x-Based Authentication
The 802.1x-based authenticator relays transparent EAP messages between 802.1x supplicants
and authentication servers. The EAP messages between supplicants and the authenticator are
encapsulated into the 802.1x messages, and the EAP messages between the authenticator and
authentication servers are encapsulated into the RADIUS messages.
This is described in the following:
Figure 1 802.1x-Based Authentication
MAC-Based Authentication
MAC-based authentication is an alternative to 802.1X authentication that allows network
access to devices (such as printers and IP phones) that do not have the 802.1X supplicant
capability. MAC-based authentication uses the MAC address of the connecting device to grant
or deny network access.
Client
Authenticaticator
RADIUS
Protocol
802.1x
Protocol
Authentication
Server
EAP Protocol
To Next Page
Loading...
