7705 SAR Interfaces
160
Interface Configuration Guide
3HE 11011 AAAC TQZZA Edition: 01
3.3.1 802.1x Basics
The IEEE 802.1x standard defines three participants in an authentication
conversation (see Figure 18):
• the supplicant — the end-user device that requests access to the network
• the authenticator — controls access to the network. Both the supplicant and the
authenticator are referred to as Port Authentication Entities (PAEs).
• the authentication server — performs the actual processing of the user
information
Figure 18 802.1x Architecture
The authentication exchange is carried out between the supplicant and the
authentication server; the authenticator acts only as a bridge. The communication
between the supplicant and the authenticator is done using EAPOL. The
communication between the authenticator and the authentication server is done
using the RADIUS protocol. The authenticator is therefore a RADIUS client, and the
authentication server is a RADIUS server.
Figure 19 shows an example of the messages transmitted during an
authenticator-initiated One Time Password (OTP) authentication process.
The authenticator initiates the procedure when the Ethernet port becomes
operationally up by sending a special PDU called an EAP-Request/ID to the
supplicant. The supplicant can also initiate the exchange by sending an EAPOL-start
PDU if it does not receive the EAP-Request/ID frame during boot-up. The supplicant
responds to the EAP-Request/ID with an EAP-Response/ID frame containing its
identity (typically username + password).
Supplicant
eNB
Ethernet
Authentication
server
Authenticator
7705 SAR
21373
Note: OTP is one of many authentication mechanisms that are available for use between
the supplicant and the authentication server. These authentication mechanisms (protocols)
are transparent to the 7705 SAR.
To Next Page
Loading...
