EasyManua.ls Logo

TP-Link JetStream TL-SG3424P - Page 182

TP-Link JetStream TL-SG3424P
263 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Loading...
finds the corresponding password by matching the user name in its database, encrypts the
password using a randomly-generated key, and sends the key to the switch through an
RADIUS Access-Challenge packet. The switch then sends the key to the 802.1X client
program.
5. Upon receiving the key (encapsulated in an EAP-Request/MD5 Challenge packet) from the
switch, the client program encrypts the password of the supplicant system with the key and
sends the encrypted password (contained in an EAP-Response/MD5 Challenge packet) to
the RADIUS server through the switch. (The encryption is irreversible.)
6. The RADIUS server compares the received encrypted password (contained in a RADIUS
Access-Request packet) with the locally-encrypted password. If the two match, it will then
send feedbacks (through a RADIUS Access-Accept packet and an EAP-Success packet) to
the switch to indicate that the supplicant system is authorized.
7. The switch changes the state of the corresponding port to accepted state to allow the
supplicant system access the network. And then the switch will monitor the status of
supplicant by sending hand-shake packets periodically. By default, the switch will force the
supplicant to log off if it cannot get the response from the supplicant for two times.
8. The supplicant system can also terminate the authenticated state by sending EAPOL-Logoff
packets to the switch. The switch then changes the port state from accepted to rejected.
2 EAP Terminating Mode
In this mode, packet transmission is terminated at authenticator systems and the EAP packets are
mapped into RADIUS packets. Authentication and accounting are accomplished through RADIUS
protocol.
In this mode, PAP or CHAP is employed between the switch and the RADIUS server. This switch
supports the PAP terminating mode. The authentication procedure of PAP is illustrated in the
following figure.
Figure 12-19 PAP Authentication Procedure
In PAP mode, the switch encrypts the password and sends the user name, the
randomly-generated key, and the supplicant system-encrypted password to the RADIUS server for
further authentication. Whereas the randomly-generated key in EAP-MD5 relay mode is generated
173

Table of Contents

Other manuals for TP-Link JetStream TL-SG3424P

Preview: Cli Reference Guide
Cli Reference Guide220 pages

Related product manuals