User Guide
180
supplicant is a client device (such as a laptop) that wishes to attach to the LAN/WLAN - though the term
“supplicant” is also used interchangeably to refer to the software running on the client that provides
credentials for the authenticator. The authenticator is a network device, such as an Ethernet switch or
wireless access point; and the authentication server is typically a host running software supporting the
RADIUS and EAP protocols. The authenticator acts like a security guard to a protected network. The
supplicant (i.e., client device) is not allowed access through the authenticator to the protected side of the
network until the supplicant’s identity has been validated and authorized. With 802.1X port-based
authentication, the supplicant provides credentials, such as user name/password or digital certificate, to
the authenticator, and the authenticator forwards the credentials to the authentication server for
verification. If the authentication server determines the credentials are valid, the supplicant (client device)
is allowed to access resources located on the protected side of the network.
802.1X Re-authentication
802.1X Re-authentication re-authenticates users that already pass authentication using timer or message
trigger. With 802.1x Re-authentication enabled, the switch periodically checks users' connection status. If
a user is detected not responding to re-authentication messages for a certain time length, it will then be
disconnected. If it wishes to reconnect to the device, it must initiate an 802.1x authentication again via
client software.
802.1X Access Control Method
This device supports both port based access control method and MAC based access control method.
When port based access control is adopted, as long as the first user connected to this port is
authenticated successfully, other users accessed can use network resources without being authenticated.
However, if the first user is disconnected, other users will be unable to access Internet.
When MAC based access control is adopted, all users connected to this port need to be authenticated
respectively. If some user is disconnected, only this user is unable to access Internet.
802.1X Port Control Mode
Auto: Port is initially in an "unauthorized" status; in this status, it can only transfer/receive EAPoL
messages but cannot access network resources. Once authenticated, the port control mode will toggle to
be authorized and users can access Internet.
Enforce Authorization: The port is always in an "authorized" status and can implement communication
without being authenticated.
Enforce Unauthorization: The port is always in an "unauthorized" status and can only be used to access
device's management interface but cannot implement communication.
802.1X Global Setup
To configure 802.1X settings globally, click Security -> 802.1X -> 802.1X Global Setup.
To Next Page
Loading...
Need help?
General
