24-Port Managed Gigabit Switch
3.7 802.1x Configuration
3.7.1 802.1x Introduction
The TEG3224T provides the port-based 802.1x authentication
function to improve the network security. The IEEE 802.1x standard
defines a client-server-based access control and authentication
protocol that restricts unauthorized clients from connecting to a LAN
through publicly accessible ports. 802.1x can be configured to
authenticate hosts equipped with supplicant software, denying
unauthorized access to the network at the data link layer.
Authentication is usually done by a third-party entity, such as a
RADIUS server. Upon detection of the new client (supplicant), the
port on the switch (authenticator) is enabled and set to the
"unauthorized" state. In this state, only 802.1X traffic is allowed;
other traffic, such as DHCP and HTTP, is blocked at the data link
layer. 802.1x allows only Extensible Authentication Protocol over
LAN (EAPOL) traffic through the port to which the client is
connected. The authenticator sends out the EAP-Request identity
to the supplicant, the supplicant responds with the EAP-response
packet that the authenticator forwards to the authenticating server.
If the authenticating server accepts the request, the authenticator
sets the port to the "authorized" mode and normal traffic is allowed.
When the supplicant logs off, it sends an EAP-logoff message to
the authenticator. The authenticator then sets the port to the
"unauthorized" state, once again blocking all non-EAP traffic.
39
To Next Page
Loading...
