A10E/A28E/A28F Configuration Guide
Both the authenticator and the supplicant can initiate the 802.1x authentication procedure. This
guide takes initiation by the supplicant as an example, as shown below:
Step 1 The user enters the user name and password. The supplicant sends an EAPoL-Start packet to
the authenticator to start the 802.1x authentication.
Step 2 The authenticator sends an EAP-Request/Identity packet to the supplicant, asking for the
user name of the supplicant.
Step 3 The supplicant replies with an EAP-Response/Identity packet to the authenticator, which
includes the user name.
Step 4 The authenticator encapsulates the EAP-Response/Identity packet in a RADIUS protocol
packet and sends the RADIUS protocol packet to the authentication server.
Step 5 The authentication server compares the received encrypted password with the one generated
by itself.
If identical, the authenticator modifies the interface state to authorized state, allowing users to
access the network through the interface, and sends an EAP-Success packet to the supplicant.
Otherwise, the interface is in unauthorized state and the authenticator sends an EAP-Failure
packet to the supplicant.
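The supplicant-to-authenticator side of Steps 1 to 5, as an added example that is not part of this guide: a Python builder and parser for EAPOL/EAP frames, run over a constructed exchange. The user name "alice", the identifier values and the omission of the Request/Challenge round and of the RADIUS leg (Step 4) are assumptions of the sample.

```python
import struct

EAPOL_TYPES = {0: "EAP-Packet", 1: "EAPOL-Start", 2: "EAPOL-Logoff", 3: "EAPOL-Key"}
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 2: "Notification", 3: "Nak", 4: "MD5-Challenge"}

def build_eapol(pkt_type, body=b"", version=1):
    """EAPOL header: version(1) | packet type(1) | body length(2, big-endian)."""
    return struct.pack("!BBH", version, pkt_type, len(body)) + body

def build_eap(code, ident, eap_type=None, data=b""):
    """EAP header: code(1) | identifier(1) | length(2); Request/Response add type(1)."""
    payload = b"" if eap_type is None else bytes([eap_type]) + data
    return struct.pack("!BBH", code, ident, 4 + len(payload)) + payload

def parse_eapol(frame):
    """Decode one EAPOL payload (the bytes after EtherType 0x888E) into a dict."""
    if len(frame) < 4:
        raise ValueError("truncated EAPOL header")
    _version, pkt_type, length = struct.unpack("!BBH", frame[:4])
    body = frame[4:4 + length]           # anything past 'length' is Ethernet padding
    if len(body) != length or (pkt_type == 0 and length < 4):
        raise ValueError("truncated EAPOL body or EAP header")
    out = {"eapol": EAPOL_TYPES.get(pkt_type, f"unknown({pkt_type})")}
    if pkt_type != 0:                    # Start/Logoff carry no EAP packet
        return out
    code, ident, eap_len = struct.unpack("!BBH", body[:4])
    if eap_len < (5 if code in (1, 2) else 4) or eap_len > length:
        raise ValueError("EAP length field inconsistent with frame")
    out.update(code=EAP_CODES.get(code, f"unknown({code})"), id=ident)
    if code in (1, 2):                   # only Request/Response have a type byte
        out["type"] = EAP_TYPES.get(body[4], f"unknown({body[4]})")
        out["data"] = body[5:eap_len]
    return out

def describe(frame):
    p = parse_eapol(frame)
    if "code" not in p:
        return p["eapol"]
    return "EAP-" + p["code"] + ("/" + p["type"] if "type" in p else "")

# Constructed sample frames; the Success identifier assumes one omitted challenge round.
EXCHANGE = [
    build_eapol(1),                                  # Step 1: EAPoL-Start
    build_eapol(0, build_eap(1, 1, 1)),              # Step 2: EAP-Request/Identity
    build_eapol(0, build_eap(2, 1, 1, b"alice")),    # Step 3: EAP-Response/Identity
    build_eapol(0, build_eap(3, 2)),                 # Step 5: EAP-Success
]
print(*map(describe, EXCHANGE), sep="\n")
```

The parsed Step 3 frame shows the user name as plain bytes in the `data` field, which is what the authenticator forwards to the RADIUS server in Step 4.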
802.1x timers
During 802.1x authentication, the following 5 timers are involved:
Reauth-period: re-authorization timer. After the period is exceeded, the A10E/A28E
re-initiates authorization.
Quiet-period: quiet timer. When user authorization fails, the A10E/A28E needs to keep
quiet for a period. After the period is exceeded, the A10E/A28E re-initiates authorization.
During the quiet time, the A10E/A28E does not process authorization packets.
Tx-period: transmission timeout timer. When the A10E/A28E sends a Request/Identity
packet to users, the A10E/A28E will initiate the timer. If users do not send an
authorization response packet during the tx-period, the A10E/A28E will re-send an
authorization request packet. The A10E/A28E sends this packet three times in total.
Supp-timeout: Supplicant authorization timeout timer. When the A10E/A28E sends a
Request/Challenge packet to users, the A10E/A28E will initiate supp-timeout timer. If
users do not send an authorization response packet during the supp-timeout, the
A10E/A28E will re-send the Request/Challenge packet. The A10E/A28E sends this
packet twice in total.
Server-timeout: Authentication server timeout timer. The timer defines the total timeout
period of sessions between the authenticator and the RADIUS server. When the configured time
is exceeded, the authenticator will end the session with RADIUS server and start a new
authorization process.
6.7.2 Preparing for configurations
Scenario
To implement access authentication for LAN users and ensure access user security, you need to
configure 802.1x authentication on the A10E/A28E.