BayStack 450 10/100/1000 Series Switches
309978-D Rev 01 1-23
Overview and Terms
This section provides a detailed description of EAPOL-based security, including
an overview of the components and terms used with this feature.
Some components of EAPOL-based security are:
• Supplicant -- the entity that the Authenticator is authorizing. The supplicant
can be any end station or server that is connected to the switch. In the
preceding example, the supplicant is the new client PC.
• Authenticator -- a software entity whose sole purpose is to authorize a
supplicant that is attached to the other end of a LAN segment.
• Authentication Server -- a RADIUS server that provides authorization
services to the Authenticator.
• Port Access Entity (PAE) -- a software entity associated with each port that
supports the Authenticator or Supplicant functionality. In the preceding
example, the Authenticator PAE resides on the switch.
• Controlled Port -- any switch port whose operational state is influenced by the
Authenticator. In the preceding example, the controlled port is the switch port
that is connected to the new client PC.
The Authenticator communicates with the Supplicant using an encapsulation
mechanism known as EAP over LANs (EAPOL).
The Authenticator PAE encapsulates the EAP message into a RADIUS packet
before sending the packet to the Authentication Server. The Authenticator does
not interfere with authentication exchanges that occur between the Supplicant and
the Authentication Server (except for encapsulating the EAP message to make it
suitable for the packet’s destination).
The Authenticator determines the controlled port’s operational state. After the
RADIUS server notifies the Authenticator PAE about the success or failure of the
authentication, the Authenticator PAE changes the controlled port’s operational
state accordingly.
The Authenticator PAE functionality is implemented for each controlled port on
the switch. At system initialization, or when a supplicant is initially connected to
the switch’s controlled port, the controlled port’s state is set to Blocking. During
that time, only EAP packets can be received from the supplicant.
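The behavior described above can be modeled in a few lines of Python. This is an added example, not code from the switch or its documentation: the class and function names, the "Forwarding" state name, and the sample frames are assumptions, while the EtherType, the EAP-Message attribute, and the RADIUS codes come from IEEE 802.1X, RFC 3579, and RFC 2865.

```python
import struct

ETH_P_EAPOL = b"\x88\x8e"            # EtherType for EAPOL (IEEE 802.1X)
EAPOL_EAP_PACKET = 0                 # EAPOL packet type that carries an EAP message
RADIUS_EAP_MESSAGE = 79              # RADIUS EAP-Message attribute type (RFC 3579)
ACCESS_ACCEPT, ACCESS_REJECT = 2, 3  # RADIUS packet codes (RFC 2865)

def eap_from_frame(frame: bytes):
    """Return the EAP message carried in an EAPOL frame, or None if absent or malformed."""
    if len(frame) < 18 or frame[12:14] != ETH_P_EAPOL:
        return None
    _version, ptype, length = struct.unpack("!BBH", frame[14:18])
    body = frame[18:18 + length]
    return body if ptype == EAPOL_EAP_PACKET and len(body) == length else None

def to_radius_attrs(eap: bytes) -> bytes:
    """Wrap an EAP message, unmodified, in EAP-Message attributes of at most 253 value bytes."""
    chunks = [eap[i:i + 253] for i in range(0, len(eap), 253)]
    return b"".join(bytes([RADIUS_EAP_MESSAGE, len(c) + 2]) + c for c in chunks)

class ControlledPort:
    """Hypothetical model of one Authenticator PAE and its controlled port."""
    def __init__(self):
        self.state = "Blocking"      # state at initialization or when a supplicant connects

    def receive(self, frame: bytes):
        """Return ('relay', radius_attrs), ('forward', frame) or ('drop', None)."""
        if frame[12:14] == ETH_P_EAPOL:          # EAPOL is handled by the PAE, never bridged
            eap = eap_from_frame(frame)
            return ("relay", to_radius_attrs(eap)) if eap else ("drop", None)
        if self.state == "Forwarding":           # "Forwarding" is an assumed state name
            return ("forward", frame)
        return ("drop", None)                    # Blocking: only EAP gets through

    def radius_result(self, code: int):
        """Apply the Authentication Server's verdict to the port state."""
        self.state = "Forwarding" if code == ACCESS_ACCEPT else "Blocking"

# Constructed sample frames (not captured traffic).
SAMPLE_EAP = bytes([2, 1, 0, 10, 1]) + b"alice"   # EAP-Response/Identity "alice"
SAMPLE_EAPOL = (bytes.fromhex("0180c2000003020000000001") + ETH_P_EAPOL
                + struct.pack("!BBH", 1, 0, len(SAMPLE_EAP)) + SAMPLE_EAP)
SAMPLE_DATA = bytes.fromhex("ffffffffffff0200000000010800") + bytes(28)
```

The model fails closed: any RADIUS result other than Access-Accept, and any malformed EAPOL frame, leaves ordinary traffic dropped.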