Configuring 802.1X
Figure 22-1 Architecture of 802.1x
The above systems involve three basic concepts: PAE, controlled port, and control direction.
1) PAE
Port access entity (PAE) refers to the entity that performs the 802.1x algorithm and
protocol operations.
• The authenticator PAE uses the authentication server to authenticate a supplicant
trying to access the LAN and controls the status of the controlled port according to the
authentication result, putting the controlled port in the authorized or unauthorized
state. In the authorized state, the port allows user data to pass, enabling the supplicant(s)
to access the network resources; in the unauthorized state, the port denies all data
of the supplicant(s).
• The supplicant PAE responds to the authentication request of the authenticator PAE
and provides authentication information. The supplicant PAE can also send
authentication requests and logoff requests to the authenticator.
2) Controlled port and uncontrolled port
• An authenticator provides ports for supplicants to access the LAN. Each of the ports
can be regarded as two logical ports: a controlled port and an uncontrolled port.
• The uncontrolled port is always open in both the inbound and outbound directions to
allow EAPOL protocol frames to pass, guaranteeing that the supplicant can always
send and receive authentication frames.
• The controlled port is open to allow normal traffic to pass only when it is in the
authorized state.
• The controlled port and uncontrolled port are two parts of the same port. Any frames
arriving at the port are visible to both of them.
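The following added example (not part of the original manual or of any device firmware) models how one physical port behaves as a controlled and an uncontrolled logical port for frames arriving from a supplicant. The class and function names are hypothetical, the frames are constructed and untagged, and the model assumes an EAPOL-Logoff returns the port to the unauthorized state at once.

```python
import struct

ETH_P_EAPOL = 0x888E  # EtherType assigned to EAPOL frames
EAPOL_TYPES = {0: "EAP-Packet", 1: "EAPOL-Start", 2: "EAPOL-Logoff", 3: "EAPOL-Key"}
PAE_GROUP = b"\x01\x80\xc2\x00\x00\x03"   # PAE group address
SUPPLICANT = b"\x02\x00\x00\x00\x00\x01"  # constructed source MAC

def eth_frame(ethertype, payload, dst=PAE_GROUP, src=SUPPLICANT):
    """Build a constructed Ethernet II frame (no FCS, no VLAN tag)."""
    return dst + src + struct.pack("!H", ethertype) + payload

def eapol(ptype, body=b"", version=2):
    """EAPOL header: version (1), packet type (1), body length (2), then body."""
    return struct.pack("!BBH", version, ptype, len(body)) + body

class AuthenticatorPort:
    """Hypothetical model: one physical port seen as two logical ports."""
    def __init__(self):
        self.authorized = False  # controlled port starts unauthorized

    def set_auth_result(self, success):
        # Stands in for the authenticator PAE applying the server's verdict.
        self.authorized = bool(success)

    def receive(self, frame):
        """Return (logical_port, action) for a frame from the supplicant."""
        if len(frame) < 14:
            return ("none", "drop: runt frame")
        (ethertype,) = struct.unpack("!H", frame[12:14])
        if ethertype == ETH_P_EAPOL:
            # Uncontrolled port: EAPOL reaches the PAE in either state.
            if len(frame) < 18:
                return ("uncontrolled", "drop: truncated EAPOL header")
            _ver, ptype, length = struct.unpack("!BBH", frame[14:18])
            if len(frame) - 18 < length:
                return ("uncontrolled", "drop: EAPOL body shorter than length field")
            name = EAPOL_TYPES.get(ptype, "unknown")
            if name == "EAPOL-Logoff":
                self.authorized = False  # assumption: logoff takes effect at once
            return ("uncontrolled", "to PAE: " + name)
        # Controlled port: normal traffic passes only in the authorized state.
        if self.authorized:
            return ("controlled", "forward")
        return ("controlled", "drop: port unauthorized")

if __name__ == "__main__":
    port = AuthenticatorPort()
    ipv4 = eth_frame(0x0800, b"\x45" + b"\x00" * 19)  # constructed IPv4 payload
    for f in (ipv4, eth_frame(ETH_P_EAPOL, eapol(1))):
        print(port.receive(f))
```
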
3) Control direction
In the unauthorized state, the controlled port can be set to deny traffic to and from the