Configuring 802.1X
Chapter 22. Configuring 802.1X
22.1 Brief Introduction to 802.1X
Configuration
IEEE 802.1X is the accessing management protocol standard based on interface
accessing control passed in June, 2001. Traditional LAN does not provide accessing
authentication. Users access the devices and resources in LAN when connecting to the LAN,
which is a security hidden trouble. For application of motional office and CPN, device provider
hopes to control and configure user’s connecting. There is also the need for accounting.
IEEE 802.1X is a network accessing control technology based on interface which is the
accessing devices authentication and control by physical accessing level of LAN devices.
Physical accessing level here means the interface of LAN Switch devices. When getting
authentication, switch is the in-between (agency) of client and authentication server. It
obtains user’s identity from client of accessing switch and verifies the information through
authentication server. If the authentication passes, this user is allowed to access LAN
resources or it will be refused.
22.1.1 Architecture of 802.1X
802.1X operates in the typical client/server model and defines three entities: supplicant
system, authenticator system, and authentication server system, as shown in figure 1-1.
ï‚· Supplicant system: A system at one end of the LAN segment, which is authenticated
by the authenticator system at the other end. A supplicant system is usually a
user-end device and initiates 802.1x authentication through 802.1x client software
supporting the EAP over LANs (EAPOL) protocol.
ï‚· Authenticator system: A system at the other end of the LAN segment, which
authenticates the connected supplicant system. An authenticator system is usually an
802.1x-enabled network device and provides ports (physical or logical) for supplicants
to access the LAN.
ï‚· Authentication server system: The system providing authentication, authorization, and
accounting services for the authenticator system. The authentication server, usually a
Remote Authentication Dial-in User Service (RADIUS) server, maintains user
information like username, password, VLAN that the user belongs to, committed
access rate (CAR) parameters, priority, and ACLs.
To Next Page
Loading...
Need help?
General
