EasyManuals Logo

SNR S2940-8G-v2 User Manual

SNR S2940-8G-v2
420 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #307 background imageLoading...
Page #307 background image
SNR S2940-8G-v2 Switch Configuration Guide
802.1x Configuration
3. Controlled direction
In unauthenticated status, controlled ports can be set as unidirectional controlled or bi-directionally
controlled.
• When the port is bi-directionally controlled, the sending and receiving of all frames is forbid-
den.
• When the port is unidirectional controlled, no frames can be received from the supplicant
systems while sending frames to the supplicant systems is allowed.
Notes: At present, this kind of switch only supports unidirectional control.
45.1.2 The Work Mechanism of 802.1x
IEEE 802.1x authentication system uses EAP (Extensible Authentication Protocol) to implement
exchange of authentication information between the supplicant system, authenticator system and
authentication server system.
Supplicant
PAE
Authenticator
System PAE
Authentication
server system
EAPOL RADIUS
Figure 45.2: the Work Mechanism of 802.1x
• EAP messages adopt EAPOL encapsulation format between the PAE of the supplicant sys-
tem and the PAE of the authenticator system in the environment of LAN.
• Between the PAE of the authenticator system and the RADIUS server, there are two meth-
ods to exchange information: one method is that EAP messages adopt EAPOR (EAP over
RADIUS) encapsulation format in RADIUS protocol; the other is that EAP messages ter-
minate with the PAE of the authenticator system, and adopt the messages containing RAP
(Password Authentication Protocol) or CHAP (Challenge Handshake Authentication Proto-
col) attributes to do the authentication interaction with the RADIUS server.
• When the user pass the authentication, the authentication server system will send the rel-
ative information of the user to authenticator system, the PAE of the authenticator system
will decide the authenticated/unauthenticated status of the controlled port according to the
authentication result of the RADIUS server.
45.1.3 The Encapsulation of EAPOL Messages
1. The Format of EAPOL Data Packets
EAPOL is a kind of message encapsulation format defined in 802.1x protocol, and is mainly
used to transmit EAP messages between the supplicant system and the authenticator system in
order to allow the transmission of EAP messages through the LAN. In IEEE 802/Ethernet LAN
environment, the format of EAPOL packet is illustrated in the next figure. The beginning of the
EAPOL packet is the Type/Length domain in MAC frames.
307

Table of Contents

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the SNR S2940-8G-v2 and is the answer not in the manual?

SNR S2940-8G-v2 Specifications

General IconGeneral
BrandSNR
ModelS2940-8G-v2
CategorySwitch
LanguageEnglish