To Next Page

To Previous Page

72 RackSwitch G8000: Application Guide

Extensible Authentication Protocol over LAN

IBM Networking OS can provide user-level security for its ports using the IEEE

802.1X protocol, which is a more secure alternative to other methods of port-based

network access control. Any device attached to an 802.1X-enabled port that fails

authentication is prevented access to the network and denied services offered

through that port.

The 802.1X standard describes port-based network access control using Extensible

Authentication Protocol over LAN (EAPoL). EAPoL provides a means of

authenticating and authorizing devices attached to a LAN port that has

point-to-point connection characteristics and of preventing access to that port in

cases of authentication and authorization failures.

EAPoL is a client-server protocol that has the following components:

•

Supplicant or Client

The Supplicant is a device that requests network access and provides the

required credentials (user name and password) to the Authenticator and the

Authenticator Server.

•

Authenticator

The Authenticator enforces authentication and controls access to the network.

The Authenticator grants network access based on the information provided by

the Supplicant and the response from the Authentication Server. The

Authenticator acts as an intermediary between the Supplicant and the

Authentication Server: requesting identity information from the client, forwarding

that information to the Authentication Server for validation, relaying the server’s

responses to the client, and authorizing network access based on the results of

the authentication exchange. The G8000 acts as an Authenticator.

•

Authentication Server

The Authentication Server validates the credentials provided by the Supplicant to

determine if the Authenticator ought to grant access to the network. The

Authentication Server may be co-located with the Authenticator. The G8000

relies on external RADIUS servers for authentication.

Upon a successful authentication of the client by the server, the 802.1X-controlled

port transitions from unauthorized to authorized state, and the client is allowed full

access to services through the port. When the client sends an EAP-Logoff message

to the authenticator, the port will transition from authorized to unauthorized state.

Brand

IBM

Model

RackSwitch G8000

IBM RackSwitch G8000 User Manual

Table of Contents

Other manuals for IBM RackSwitch G8000

Questions and Answers:

IBM RackSwitch G8000 Specifications

Related product manuals

Brand	IBM
Model	RackSwitch G8000
Category	Network Router
Language	English