Using security in your network

service such as RADIUS. This security feature works hand-in-hand with the Radius-based server and thus provides the advantages of remote authentication to internal LAN clients.

An example follows to show how an Ethernet Routing Switch 2500 Series reacts when it is configured to the EAPoL security feature and a new network connection:

• When the switch finds a new connection in one of its ports, the following occurs:
  1. The switch asks for a User ID of the new client.
  2. The User ID is covered by EAPoL, and it passes on to the Radius server.
  3. The response from the Radius server is to ask for a password of the user.
• Within the EAPoL packet, the new client forwards a password to the switch:
  — The EAPoL packet is relayed to the Radius server.
  — If the Radius server validates the password, the new client is allowed to access the switch and the network.

The EAPoL-based security is composed of the following terms:

• Supplicant - the device applying for network access.
• Authenticator - a software with the main purpose of authorizing the supplicant who is attached at the other end of the LAN segment.
• Authentication server - a Radius server that provides authorization services to an authenticator.
• Port Access Entity (PAE) - an entity that supports each port to the Authenticator or Supplicants. In the example above, the authenticator PAE is present in the switch.

Controlled Port is a switch port with EAPOL based security. The authenticator communicates with the Supplicant through EAP over LAN (EAPoL), which is an encapsulation mechanism.

The authenticator PAE encapsulates the EAP through the RADIUS server packet and sends it to the authentication server. The authenticator server sends the packet in an exchange that occurs between the supplicant and authentication server. This exchange occurs when the EAP message is encapsulated to make it suitable for the destination of the packet.

The authenticator determines the operational state of the controlled port.
The RADIUS server notifies the authenticator PAE of the success

Nortel Ethernet Routing Switch 2500 Series
Security — Configuration and Management
NN47215-505 (323165-B) 02.01 Standard
4.1 19 November 2007
Copyright © 2007, Nortel Networks.
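The EAPoL encapsulation and the authenticator's relay of EAP to the RADIUS server described above, as an added example that is not taken from the Nortel guide: it parses an EAPoL frame using the IEEE 802.1X header layout and wraps the EAP packet in RADIUS EAP-Message attributes as defined in RFC 3579. The function names, the MAC addresses and the sample frame are constructed for illustration.

```python
import struct

EAPOL_ETHERTYPE = 0x888E   # IEEE 802.1X (EAP over LAN)
EAPOL_TYPES = {0: "EAP-Packet", 1: "EAPOL-Start", 2: "EAPOL-Logoff", 3: "EAPOL-Key"}
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
RADIUS_EAP_MESSAGE = 79    # RFC 3579 EAP-Message attribute type
MAX_ATTR_VALUE = 253       # 255-byte attribute limit minus type and length bytes


def parse_eapol(frame: bytes) -> dict:
    """Parse an Ethernet frame carrying EAPoL; raise ValueError if malformed."""
    if len(frame) < 18:
        raise ValueError("too short for Ethernet + EAPOL headers")
    ethertype, version, ptype, body_len = struct.unpack("!HBBH", frame[12:18])
    if ethertype != EAPOL_ETHERTYPE:
        raise ValueError("not an EAPoL frame")
    body = frame[18:18 + body_len]
    if len(body) != body_len:
        raise ValueError("EAPOL body truncated")
    out = {"version": version, "eapol_type": EAPOL_TYPES.get(ptype, "unknown"), "eap": None}
    if ptype == 0:  # EAP-Packet: code, identifier, length, then optional type + data
        if body_len < 4:
            raise ValueError("EAP header truncated")
        code, ident, eap_len = struct.unpack("!BBH", body[:4])
        if eap_len < 4 or eap_len > body_len:
            raise ValueError("EAP length field inconsistent with EAPOL body")
        out.update(eap=body[:eap_len], code=EAP_CODES.get(code, "unknown"), id=ident)
        if code in (1, 2) and eap_len > 4 and body[4] == 1:  # type 1 = Identity
            out["identity"] = body[5:eap_len].decode("utf-8", "replace")
    return out


def to_radius_eap_attrs(eap: bytes) -> bytes:
    """Split an EAP packet across RADIUS EAP-Message attributes (type, length, value)."""
    attrs = b""
    for i in range(0, len(eap), MAX_ATTR_VALUE):
        chunk = eap[i:i + MAX_ATTR_VALUE]
        attrs += bytes([RADIUS_EAP_MESSAGE, len(chunk) + 2]) + chunk
    return attrs


# Constructed sample: EAP-Response/Identity "alice" sent to the PAE group address.
SAMPLE_EAP = struct.pack("!BBH", 2, 1, 10) + b"\x01alice"
SAMPLE_FRAME = (bytes.fromhex("0180c2000003" "020000000001")
                + struct.pack("!HBBH", EAPOL_ETHERTYPE, 1, 0, len(SAMPLE_EAP)) + SAMPLE_EAP)

if __name__ == "__main__":
    parsed = parse_eapol(SAMPLE_FRAME)
    print(parsed["code"], parsed["identity"], to_radius_eap_attrs(parsed["eap"]).hex())
```

RFC 3579 also requires a Message-Authenticator attribute in any RADIUS packet that carries EAP-Message; computing it needs the shared secret and the full RADIUS packet, so it is outside this example.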