Interface Configuration Guide 7705 SAR Interfaces
Edition: 01 3HE 11011 AAAC TQZZA 159
3.3 802.1x Network Access Control
The 7705 SAR supports network access control over client devices on an Ethernet
network using the IEEE 802.1x standard. 802.1x is a standard for authenticating
Ethernet devices before they can access the network. In the case of the 7705 SAR,
authentication is performed using Extensible Authentication Protocol (EAP) over
LAN (EAPOL).
802.1x provides protection against unauthorized access by forcing the device
connected to the 7705 SAR to go through an authentication phase before it is able
to send any non-EAP packets. Only EAPOL frames can be exchanged between the
aggregation device (called the authenticator; for example, the 7705 SAR) and the
customer device (called the supplicant) until authentication is successfully
completed. The 7705 SAR enables the port after successful authentication. While
the port is unauthenticated, the port will be “down” to all upper layer protocols or
services.
A typical use for EAPOL would involve a 7705 SAR and some type of Ethernet
device, such as a laptop, a set-top box, or a Node B. An authentication server would
negotiate with the Ethernet device through the 7705 SAR (whose role is
authenticator). For example, a technician using a laptop to gain access to his or her
network at a cell site would have his or her laptop subject to the 802.1x access
control, just as the Node B would. In every case, the Ethernet device connected to
the 7705 SAR must negotiate for network access. Essentially, with EAPOL in use,
any Ethernet device that connects to the 7705 SAR must negotiate for permission to
send traffic through the 7705 SAR Ethernet port.
The 7705 SAR supports the following EAP methods: MD5, TLS, TTLS, and PEAPv0.
MAC authentication can be used to authenticate client devices that do not support
EAP. For more information, see MAC Authentication.
This section describes the following:
• 802.1x Basics
• 802.1x Modes
• 802.1x Timers
• 802.1x Configuration and Limitations
To Next Page
Loading...
