BigIron RX Series Configuration Guide 965
53-1002253-01
How 802.1x port security works
33
FIGURE 125 Authenticator PAE and supplicant PAE
Authenticator PAE – The Authenticator PAE communicates with the Supplicant PAE, receiving
identifying information from the Supplicant. Acting as a RADIUS client, the Authenticator PAE
passes the Supplicant’s information to the Authentication Server, which decides whether the
Supplicant can gain access to the port. If the Supplicant passes authentication, the Authenticator
PAE grants it access to the port.
Supplicant PAE – The Supplicant PAE supplies information about the Client to the Authenticator
PAE and responds to requests from the Authenticator PAE. The Supplicant PAE can also initiate the
authentication procedure with the Authenticator PAE, as well as send logoff messages.
Controlled and uncontrolled ports
A physical port on the device used with 802.1x port security has two virtual access points, a
controlled port and an uncontrolled port. The controlled port provides full access to the network.
The uncontrolled port provides access only for EAPOL traffic between the Client and the
Authentication Server. When a Client is successfully authenticated, the controlled port is opened to
the Client. Figure 126 illustrates this concept.
Authentication
Server
Authenticator
PAE
Supplicant
PAE
BigIron Device
(Authenticator)
RADIUS
Messages
EAPOL
Messages
802.1X-Enabled
Supplicant
To Next Page
Loading...
