Operation Manual – 802.1x and System Guard
H3C S3100-52P Ethernet switch
Chapter 1 802.1x Configuration

- Timers Used in 802.1x
- 802.1x Implementation on an S3100-52P Switch

1.1.1 Architecture of 802.1x Authentication

As shown in Figure 1-1, 802.1x adopts a client/server architecture with three entities: a supplicant system, an authenticator system, and an authentication server system.

Figure 1-1 Architecture of 802.1x authentication

- The supplicant system is an entity residing at one end of a LAN segment and is authenticated by the authenticator system at the other end of the LAN segment. The supplicant system is usually a user terminal device. An 802.1x authentication is triggered when a user launches the client program on the supplicant system. Note that the client program must support the extensible authentication protocol over LAN (EAPoL).
- The authenticator system is another entity residing at one end of a LAN segment. It authenticates the connected supplicant systems. The authenticator system is usually an 802.1x-supported network device (such as an H3C series switch). It provides the port (physical or logical) for the supplicant system to access the LAN.
- The authentication server system is an entity that provides authentication service to the authenticator system. Normally in the form of a RADIUS server, the authentication server system provides Authentication, Authorization, and Accounting (AAA) services to users. It also stores user information, such as user name, password, the VLAN a user belongs to, priority, and the Access Control Lists (ACLs) applied.

The four basic concepts related to the above three entities are PAE, controlled port and uncontrolled port, the valid direction of a controlled port, and the way a port is controlled.

I. PAE

A port access entity (PAE) is responsible for implementing algorithms and performing protocol-related operations in the authentication mechanism.
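The supplicant's client program talks to the authenticator in EAPoL frames, as noted in 1.1.1. The following Python parser is an added example, not part of the H3C manual: it decodes an untagged EAPoL frame as an authenticator port would see it and extracts the identity the supplicant offers. The frame layout (EtherType 0x888E, PAE group address 01:80:C2:00:00:03) is taken from the IEEE 802.1X and EAP specifications rather than from this page, and the function names, MAC address and user name are constructed for illustration.

```python
import struct

EAPOL_ETHERTYPE = 0x888E  # EtherType assigned to EAPoL (IEEE 802.1X), not from the manual
EAPOL_TYPES = {0: "EAP-Packet", 1: "EAPOL-Start", 2: "EAPOL-Logoff", 3: "EAPOL-Key"}
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}

def parse_eapol(frame: bytes) -> dict:
    """Parse an untagged Ethernet frame carrying EAPoL; raise ValueError otherwise."""
    if len(frame) < 18:
        raise ValueError("frame too short for Ethernet + EAPoL headers")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != EAPOL_ETHERTYPE:
        raise ValueError(f"not EAPoL (EtherType 0x{ethertype:04x})")
    version, ptype, body_len = struct.unpack("!BBH", frame[14:18])
    body = frame[18:18 + body_len]
    if len(body) < body_len:
        raise ValueError("EAPoL body truncated")
    out = {"src": src.hex(":"), "dst": dst.hex(":"), "version": version,
           "type": EAPOL_TYPES.get(ptype, f"unknown({ptype})")}
    if ptype == 0:  # EAP-Packet: the EAP message the authenticator relays to the server
        if body_len < 4:
            raise ValueError("EAP header truncated")
        code, ident, eap_len = struct.unpack("!BBH", body[:4])
        if eap_len < 4 or eap_len > body_len:
            raise ValueError("EAP length field inconsistent with EAPoL body")
        out.update(eap_code=EAP_CODES.get(code, f"unknown({code})"), eap_id=ident)
        if code in (1, 2) and eap_len >= 5:  # only Request/Response carry a type byte
            out["eap_type"] = body[4]
            if code == 2 and body[4] == 1:   # Response/Identity: the claimed user name
                out["identity"] = body[5:eap_len].decode("utf-8", "replace")
    return out

def build_sample_frames():
    """Constructed sample frames: an EAPOL-Start and an EAP Response/Identity."""
    pae = bytes.fromhex("0180c2000003")  # PAE group address (destination)
    sup = bytes.fromhex("020000000001")  # constructed supplicant MAC
    hdr = pae + sup + struct.pack("!H", EAPOL_ETHERTYPE)
    start = hdr + struct.pack("!BBH", 1, 1, 0)
    ident = b"alice"                     # constructed user name
    eap = struct.pack("!BBHB", 2, 7, 5 + len(ident), 1) + ident
    resp = hdr + struct.pack("!BBH", 1, 0, len(eap)) + eap
    return start, resp

if __name__ == "__main__":
    for f in build_sample_frames():
        print(parse_eapol(f))
```

The identity in a Response/Identity frame crosses the LAN segment in clear text, so it is visible to anything that can capture traffic on the supplicant's port.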