ICP DAS USA MSM-6226 User Manual

Also see for MSM Series MSM-6226: Quick start

Contents

ICP DAS USA MSM-6226 User Manual Manual pdf 136 page image

Publication date: Sep, 2009Revision A81243-17. 802.1x Configuration802.1x port-based network access control provides a method to restrict usersto access network resources via authenticating user’s information. This restrictsusers from gaining access to the network resources through a 802.1x-enabled portwithout authentication. If a user wishes to touch the network through a port under802.1x control, he (she) must firstly input his (her) account name for authenticationand waits for gaining authorization before sending or receiving any packets from a802.1x-enabled port.Before the devices or end stations can access the network resources throughthe ports under 802.1x control, the devices or end stations connected to a controlledport send the authentication request to the authenticator, the authenticator pass therequest to the authentication server to authenticate and verify, and the server tellthe authenticator if the request get the grant of authorization for the ports.According to IEEE802.1x, there are three components implemented. Theyare Authenticator, Supplicant and Authentication server shown in Fig. 3-41.Supplicant:It is an entity being authenticated by an authenticator. It is used tocommunicate with the Authenticator PAE (Port Access Entity) byexchanging the authentication message when the Authenticator PAErequest to it.Authenticator:An entity facilitates the authentication of the supplicant entity. It controlsthe state of the port, authorized or unauthorized, according to the resultof authentication message exchanged between it and a supplicant PAE.The authenticator may request the supplicant to re-authenticate itself at aconfigured time period. Once start re-authenticating the supplicant, thecontrolled port keeps in the authorized state until re-authentication fails.A port acting as an authenticator is thought to be two logical ports, acontrolled port and an uncontrolled port. A controlled port can only passthe packets when the authenticator PAE is authorized, and otherwise, anuncontrolled port will unconditionally pass the packets with PAE groupMAC address, which has the value of 01-80-c2-00-00-03 and will not beforwarded by MAC bridge, at any time.Authentication server:A device provides authentication service, through EAP, to anauthenticator by using authentication credentials supplied by thesupplicant to determine if the supplicant is authorized to access thenetwork resource.