964 BigIron RX Series Configuration Guide53-1002253-01How 802.1x port security works33FIGURE 124 Authenticator, Client/Supplicant, and Authentication Server in an 802.1xconfigurationAuthenticator – The device that controls access to the network. In an 802.1x configuration, theBigIron RX serves as the Authenticator. The Authenticator passes messages between the Client andthe Authentication Server. Based on the identity information supplied by the Client, and theauthentication information supplied by the Authentication Server, the Authenticator either grants ordoes not grant network access to the Client.Client/Supplicant – The device that seeks to gain access to the network. Clients must be runningsoftware that supports the 802.1x standard (for example, the Windows XP operating system).Clients can either be directly connected to a port on the Authenticator, or can be connected by wayof a hub.Authentication Server – The device that validates the Client and specifies whether or not the Clientmay access services on the device. Brocade supports Authentication Servers running RADIUS.Communication between the devicesFor communication between the devices, 802.1x port security uses the Extensible AuthenticationProtocol (EAP), defined in RFC 2284. The 802.1x standard specifies a method for encapsulatingEAP messages so that they can be carried over a LAN. This encapsulated form of EAP is known asEAP over LAN (EAPOL). The standard also specifies a means of transferring the EAPOL informationbetween the Client/Supplicant, Authenticator, and Authentication Server.EAPOL messages are passed between the Port Access Entity (PAE) on the Supplicant and theAuthenticator. Figure 125 shows the relationship between the Authenticator PAE and theSupplicant PAE.Client/SupplicantRADIUS Server(Authentication Server)BigIron Device(Authenticator)