Interface Configuration Guide 7705 SAR Interfaces
Edition: 01 3HE 11011 AAAC TQZZA 161
After receiving the EAP-Response/ID frame, the authenticator encapsulates the
identity information into a RADIUS Access Request packet, and sends it off to the
configured RADIUS server. The RADIUS Access Request packet contains the
following attributes:
• User-Name – the name of the supplicant to be authenticated
• Calling-Station-Id – the MAC address of the supplicant
• NAS-IP-Address – the IP address of the device acting as the authenticator
• NAS-Port – the physical port number of the device acting as the authenticator
• State – allows state information to be maintained between the authenticator and
the RADIUS server
• EAP-Message – used to encapsulate EAP packets for transmission from the
authenticator to the RADIUS server
• Message-Authenticator – used to authenticate and protect the integrity of
Access Request messages in order to prevent spoofing attacks
The RADIUS server checks the supplied credentials using an authentication
algorithm to verify the supplicant’s identity. If approved, the RADIUS server returns
an Access Accept message to the authenticator. The authenticator notifies the
supplicant with an EAP-Success message and puts the port in the authorized state.
If the supplicant sends an EAP-Logoff message, the authenticator puts the
supplicant in an unauthorized state and continues searching for supplicants to
authenticate.
After sending an EAP-Failure message, the authenticator puts the supplicant in an
unauthorized state, waits for the number of seconds defined by the quiet-period
timer, then continues searching for supplicants to authenticate.
The 7705 SAR conforms to the relevant sections of the 802.1X-2001
implementation.
To Next Page
Loading...
