Configuration Guide Configuring 802.1X
4.3 Features
Basic Concepts
User
802.1X is a LAN-based protocol. It identifies users by physical information rather than by accounts. In a WLAN, a user is
identified by the MAC address and VLAN ID (VID). Apart from these, all other information, such as the account ID and IP
address, can be changed.
RADIUS
RADIUS is a widely used remote authentication protocol defined in RFC 2865. With this protocol, the authentication
server can be deployed remotely and still perform authentication. In an 802.1X deployment, the authentication server
is remotely deployed, and 802.1X authentication information between the NAS and the authentication server is transmitted
through RADIUS.
Timeout
During authentication, the NAS needs to communicate with the authentication client and server. If the authentication client
or server does not respond within the time specified by 802.1X, authentication fails. During deployment, ensure that
the timeout specified by 802.1X is longer than that specified by RADIUS.
MAB
MAC address bypass (MAB) authentication means that the MAC address is used as the user name and password for
authentication. Because the Ruijie Supplicant cannot be installed on some dumb terminals such as network printers, MAB is
used to apply security control to them.
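As an added example (not from the original guide or from Ruijie's code), the following Python builds the RADIUS Access-Request a NAS could send for MAB and decodes it as the server would, using the packet layout and User-Password hiding from RFC 2865. Assumptions: the MAC is sent PAP-style as lowercase hex without separators, Calling-Station-Id is included, and the function names are hypothetical.

```python
import hashlib
import struct

ACCESS_REQUEST = 1  # RFC 2865 packet code
USER_NAME, USER_PASSWORD, CALLING_STATION_ID = 1, 2, 31  # RFC 2865 attribute types

def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """User-Password hiding, RFC 2865 section 5.2: XOR with a chained MD5 keystream."""
    padded = password.ljust(max(1, -(-len(password) // 16)) * 16, b"\x00")
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        key = hashlib.md5(secret + prev).digest()
        prev = bytes(a ^ b for a, b in zip(padded[i:i + 16], key))
        out += prev
    return out

def unhide_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Server side: reverse the hiding with the same shared secret."""
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        key = hashlib.md5(secret + prev).digest()
        out += bytes(a ^ b for a, b in zip(hidden[i:i + 16], key))
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")

def attr(type_: int, value: bytes) -> bytes:
    return struct.pack("!BB", type_, len(value) + 2) + value  # type, length, value

def build_mab_request(mac: str, secret: bytes, ident: int, authenticator: bytes) -> bytes:
    """Access-Request in which the MAC is both User-Name and User-Password."""
    cred = mac.replace(":", "").replace("-", "").lower().encode()  # assumed MAC format
    attrs = (attr(USER_NAME, cred)
             + attr(USER_PASSWORD, hide_password(cred, secret, authenticator))
             + attr(CALLING_STATION_ID, mac.encode()))  # assumed to be included
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + authenticator + attrs

def parse_request(packet: bytes, secret: bytes) -> dict:
    """Decode header and attributes, then recover the cleartext User-Password."""
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        raise ValueError("bad length field")
    authenticator, pos, attrs = packet[4:20], 20, {}
    while pos + 2 <= length:
        t, l = packet[pos], packet[pos + 1]
        if l < 2 or pos + l > length:
            raise ValueError("malformed attribute")
        attrs[t] = packet[pos + 2:pos + l]
        pos += l
    attrs[USER_PASSWORD] = unhide_password(attrs[USER_PASSWORD], secret, authenticator)
    return {"code": code, "id": ident, "attrs": attrs}
```

The decoded User-Password equals the User-Name, so the shared secret between the NAS and the RADIUS server is the only secret in a MAB exchange.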
EAP
802.1X uses the Extensible Authentication Protocol (EAP) to carry authentication information. Defined in RFC 3748, EAP
provides a universal authentication framework, in which multiple authentication modes are embedded, including Message
Digest Algorithm 5 (MD5), Challenge Handshake Authentication Protocol (CHAP), Password Authentication Protocol (PAP),
and Transport Layer Security (TLS). Ruijie 802.1X authentication supports various modes including MD5, CHAP, PAP,
PEAP-MSCHAP, and TLS.
Authorization
Authorization binds specified services, such as a VLAN or an Access Control List (ACL), to authenticated users.
Accounting
Accounting audits the network usage duration and traffic of users, which facilitates network operation,
maintenance, and management.
Some RADIUS servers, such as RG-SAM/RG-SMP servers, need to check the online/offline status based on accounting
packets. Therefore, accounting must be enabled on these RADIUS servers.