Configuration Guide Configuring 802.1X
client support embedded in the operating system, Ruijie has launched a Ruijie Supplicant compliant with the 802.1X
standard.
Authenticator
The authenticator is usually a NAS such as a switch or wireless access hotspot. It controls the network connection of a
client based on the client's authentication status. As a proxy between the client and the authentication server, the
authenticator requests the user name from the client, verifies the authentication information from the authentication server,
and forwards it to the client. Besides acting as the 802.1X authenticator, the NAS also acts as a RADIUS client. It
encapsulates the replies of the client into RADIUS-format packets and forwards the packets to the RADIUS server. After
receiving the information from the RADIUS server, it interprets the information and forwards it to the client.
The authenticator has two types of ports: controlled ports and uncontrolled ports. Users connected to controlled ports can
access network resources only after they are authenticated. Users connected to uncontrolled ports can directly access network
resources without authentication. Connect users to controlled ports to control their access. Uncontrolled ports are mainly
used to connect the authentication server to ensure proper communication between the authentication server and the NAS.
Authentication server
The authentication server is usually a RADIUS server. It cooperates with the authenticator to provide authentication service
for users. The authentication server saves the user names, passwords, and related authorization information. One server
can provide authentication service for multiple authenticators to achieve centralized user management. The authentication
server also manages accounting data received from authenticators. Ruijie RADIUS servers compliant with the 802.1X standard
include Microsoft IAS/NPS, Free RADIUS Server, and Cisco ACS.
Authentication Process and Packet Exchange
The supplicant exchanges information with the authenticator through EAPOL, while the exchange with the
authentication server goes through RADIUS. EAPOL is encapsulated on the MAC layer, with type number 0x888E. IEEE
assigned the multicast MAC address 01-80-C2-00-00-03 for EAPOL to exchange packets during initial authentication. Ruijie
Supplicant may also use 01-D0-F8-00-00-03 for initial authentication packets.
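The following added example (not part of the original guide and not Ruijie code) parses an untagged Ethernet frame, recognizes EAPOL by the 0x888E type number, and reports which of the two destination addresses above was used, which helps when checking a port capture during 802.1X troubleshooting. The EAPOL and EAP field layouts come from IEEE 802.1X and RFC 3748 rather than from this guide; the function names, the client MAC and the user name are assumptions made up for the sample frames.

```python
import struct

ETHERTYPE_EAPOL = 0x888E  # EAPOL type number given in the text
# Destination addresses named in the text for initial authentication packets.
GROUP_MACS = {"01-80-C2-00-00-03": "IEEE EAPOL multicast",
              "01-D0-F8-00-00-03": "Ruijie Supplicant"}
# Field values below are from IEEE 802.1X (EAPOL) and RFC 3748 (EAP).
EAPOL_TYPES = {0: "EAP-Packet", 1: "EAPOL-Start", 2: "EAPOL-Logoff", 3: "EAPOL-Key"}
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}

def fmt_mac(raw: bytes) -> str:
    return "-".join(f"{b:02X}" for b in raw)

def parse_eapol(frame: bytes):
    """Describe an untagged Ethernet frame if it is EAPOL, else return None."""
    if len(frame) < 18:  # 14-byte Ethernet header + 4-byte EAPOL header
        return None
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != ETHERTYPE_EAPOL:
        return None
    version, ptype, body_len = struct.unpack("!BBH", frame[14:18])
    body = frame[18:18 + body_len]
    dst = fmt_mac(frame[0:6])
    info = {"dst": dst, "src": fmt_mac(frame[6:12]),
            "dst_kind": GROUP_MACS.get(dst, "other"),
            "eapol_version": version,
            "eapol_type": EAPOL_TYPES.get(ptype, f"unknown({ptype})"),
            "truncated": len(body) < body_len}
    if ptype == 0 and len(body) >= 4:  # EAP header: code, identifier, length
        code, ident, eap_len = struct.unpack("!BBH", body[:4])
        info["eap_code"] = EAP_CODES.get(code, f"unknown({code})")
        info["eap_id"] = ident
        # Request/Response carry a type byte; type 1 is Identity (the user name).
        if code in (1, 2) and len(body) >= 5 and body[4] == 1:
            info["eap_type"] = "Identity"
            info["identity"] = body[5:eap_len].decode("utf-8", "replace")
    return info

# Constructed sample frames (not captured traffic); MAC and user name are made up.
CLIENT = bytes.fromhex("020000000001")
START = bytes.fromhex("01D0F8000003") + CLIENT + bytes.fromhex("888E01010000")
RESP_ID = (bytes.fromhex("0180C2000003") + CLIENT + bytes.fromhex("888E")
           + struct.pack("!BBH", 1, 0, 10)           # EAPOL: v1, EAP-Packet, 10 bytes
           + struct.pack("!BBHB", 2, 7, 10, 1) + b"alice")  # Response/Identity, id 7
ARP = bytes.fromhex("FFFFFFFFFFFF") + CLIENT + bytes.fromhex("0806") + bytes(28)

if __name__ == "__main__":
    for name, f in (("start", START), ("resp-id", RESP_ID), ("arp", ARP)):
        print(name, parse_eapol(f))
```

The parser assumes no 802.1Q tag precedes the type field; a tagged capture would need the four tag bytes skipped first.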
Figure 4-3 shows the typical authentication process of a wired user.
Figure 4-3