Operation Manual – 802.1x
Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1
802.1x Configuration
Huawei Technologies Proprietary
1-2
z The authenticator system authenticates the supplicant system. The authenticator
system is usually an 802.1x-supported network device (such as a Quidway series
switch). It provides the port (physical or logical) for the supplicant system to
access the LAN.
z The authentication server system is an entity that provides authentication service
to the authenticator system. Normally in the form of a RADIUS server, the
authentication server system serves to perform AAA (authentication, authorization,
and accounting) . It also stores user information, such as user name, password,
the VLAN a user belongs to, priority, and the ACLs (access control list) applied.
Following are the four basic concept related with the above three entities, namely the
PAE, controlled port and uncontrolled port, the valid direction of a controlled port and
the way a port is controlled.
I. PAE
A PAE (port access entity) is responsible for the implementation of algorithm and
protocol-related operations in the authentication mechanism.
The authenticator system PAE authenticates the supplicant systems when they log into
the LAN and controls the authorizing state (on/off) of the controlled ports according to
the authentication result.
The supplicant system PAE responds to the authentication requests received from the
authenticator system and submits user authentication information to the authenticator
system. It can also send authentication and disconnection requests to the authenticator
system PAE.
II. Controlled port and uncontrolled port
The Authenticator system provides ports for supplicant systems to access a LAN. A
port of this kind is divided into a controlled port and an uncontrolled port.
z The uncontrolled port can always send and receive packets. It mainly serves to
forward EAPoL packets to ensure that a supplicant system can send and receive
authentication requests.
z The controlled port can be used to pass service packets when it is in authorized
state. It is blocked when not in authorized state. In this case, no packets can pass
through it.
z Controlled port and uncontrolled port are two properties of a access port. Packets
reaching an access port are visible to both the controlled port and uncontrolled
port of the access port.
III. The valid direction of a controlled port
When a controlled port is in unauthorized state, you can configure it to be a
unidirectional port, which sends packets to supplicant systems only.
By default, a controlled port is a unidirectional port.
To Next Page
Loading...
