Configuration Guide Configuring 802.1X
RIPT
Using Remote Intelligent Perceptive Technology (RIPT), an AP can continue to provide WLAN services to customers when
the AC is faulty or disconnected from the AP. 802.1X supports this technology. 802.1X on such APs can continue to provide
authentication service for customers.
Overview
Provides secure admission for users. Only authenticated users can access the network.
Grants network access rights to authenticated users, such as IP address binding and ACL binding
Provides online record audit, such as online duration and traffic.
4.3.1 Authentication
Authentication aims to check whether users are authorized and prevent unauthorized users from accessing the network.
Users must pass authentication to obtain the network access permission. They can access the network only after the
authentication server verifies the account. Before user authentication succeeds, only EAPOL packets (Extensible
Authentication Protocol over LAN, 802.1X packets) can be transmitted over the network for authentication.
Working Principle
802.1X authentication is very simple. After a user submits its account information, the NAS sends the account information to
the remote RADIUS server for identity authentication. If the authentication succeeds, the user can access the network.
Roles in Authentication
802.1X authentication involves three roles: supplicant, authenticator, and server. In real applications, their respective roles
are client, network access server (NAS), and authentication server (mostly RADIUS server).
Figure 4-2
Supplicant
The supplicant is the role of end users, usually a PC. It requests to access network services and replies to the request
packets of the authenticator. The supplicant must run software compliant with the 802.1X standard. Except the typical 802.1X