To Next Page

To Previous Page

Chapter 4: Web configuration

212 NS3552-8P-2S-V2 User Manual

switch receives EAPOL frames and relays them to the authentication server, the

Ethernet header is stripped and the remaining EAP frame is re-encapsulated in the

RADIUS format. The EAP frames are not modified or examined during

encapsulation, and the authentication server must support EAP within the native

frame format. When the switch receives frames from the authentication server, the

server's frame header is removed, leaving the EAP frame which is then

encapsulated for Ethernet and sent to the client.

Authentication initiation and message exchange

The switch or the client can initiate authentication. If you enable authentication on a

port by using the dot1x port-control auto interface configuration command, the switch

must initiate authentication when it determines that the port link state transitions from

down to up. It then sends an EAP-request/identity frame to the client to request its

identity (typically, the switch sends an initial identity/request frame followed by one or

more requests for authentication information). Upon receipt of the frame, the client

responds with an EAP-response/identity frame.

However, if the client does not receive an EAP-request/identity frame from the switch

during bootup, the client can initiate authentication by sending an EAPOL-start frame

which prompts the switch to request the client's identity.

Note: If 802.1X is not enabled or supported on the network access device, any EAPOL

frames from the client are dropped. If the client does not receive an EAP-

request/identity frame after three attempts to start authentication, the client transmits

frames as if the port is in the authorized state. A port in the authorized state effectively

means that the client has been successfully authenticated.

When the client supplies its identity, the switch begins its role as the intermediary,

passing EAP frames between the client and the authentication server until

authentication succeeds or fails. If the authentication succeeds, the switch port

becomes authorized.

The specific exchange of EAP frames depends on the authentication method being

used. The diagram below shows a message exchange initiated by the client using the

One-Time-Password (OTP) authentication method with a RADIUS server.

Interlogix NS3552-8P-2S-V2 User Manual

Other manuals for Interlogix NS3552-8P-2S-V2