Operation Manual - Security
Quidway S6500 Series Ethernet Switches Chapter 1
802.1x Configuration
Huawei Technologies Proprietary
1-2
The Controlled Port will be in connecting state only after the user passes the
authentication. Then the user is allowed to access the network resources.
Supplicant
Authenticator
PAE
Authenticator
Server
Authenticator
Server
System
EAP protocol
exchanges
carried in
higher layer
protocol
Supplicant
System
Authenticator System
EAPoL
Controlled
Port
Port
unauthorized
LAN
Uncontrolled
Port
Services
offered
by
Authenticators
System
Figure 1-1 802.1x system architecture
1.1.3 802.1x Authentication Process
802.1x configures EAP frame to carry the authentication information. The Standard
defines the following types of EAP frames:
z EAP-Packet: Authentication information frame, used to carry the authentication
information.
z EAPoL-Start: Authentication originating frame, actively originated by the
Supplicant.
z EAPoL-Logoff: Logoff request frame, actively terminating the authenticated state.
z EAPoL-Key: Key information frame, supporting to encrypt the EAP packets.
z EAPoL-Encapsulated-ASF-Alert: Supports the Alerting message of Alert Standard
Forum (ASF).
The EAPoL-Start, EAPoL-Logoff and EAPoL-Key only exist between the Supplicant
and the Authenticator. The EAP-Packet information is re-encapsulated by the
Authenticator System and then transmitted to the Authentication Server System. The
EAPoL-Encapsulated-ASF-Alert is related to the network management information and
terminated by the Authenticator.
802.1x provides an implementation solution of user ID authentication. However, 802.1x
itself is not enough to implement the scheme. The administrator of the access device
should configure the AAA scheme by selecting RADIUS or local authentication so as to
assist 802.1x to implement the user ID authentication. For detailed description of AAA,
refer to the corresponding AAA configuration.
To Next Page
Loading...
Need help?
General
