Enterasys Networks 6H3xx Betriebsanweisung

The Enterasys Networks’ 6000 Series and Matrix E7 modules support the following 802.1X 
security and authentication features to:

Authenticate hosts that are connected to dedicated switch ports.

Authenticate based on single-user hosts. (If a host is a time-shared Unix or VMS system, 
successful authentication by any user will allow all users access to the network.)

Allow users to authenticate themselves by logging in with user names and passwords, token 
cards, or other high-level identification. Thus, a system manager does not need to spend hours 
setting low-level MAC address filters on every edge switch to simulate user-level access 
controls. 

Divide system functionality between supplicants (user machines), authenticators, and 
authentication servers. Authenticators reside in edge switches. They shuffle messages and tell 
the switch when to grant or deny access, but do not validate logins. User validation is the job of 
authentication servers. This separation of functions allows network managers to put 
authentication servers on central servers. 

Use the 802.1X protocol to communicate between the authenticator and the supplicant. The 
frame format using 802.1X includes extra data fields within a LAN frame. Note that 802.1X 
does not allow routing.

Use 802.1X to communicate between the authenticator and the authentication server. The 
specific protocol that runs between these components (e.g., RADIUS-encapsulated EAP) is not 
specified and is implementation-dependent.

Authentication Server

Provides authentication service to an authenticator. This 
service determines, by the credentials the supplicant 
provides, whether a supplicant is authorized to access 
services provided by the authenticator. The authentication 
server can be co-located with an authenticator or can be 
accessed remotely.

Supplicant

The entity (user machine) that is trying to be authenticated 
by an authenticator attached to the other end of that link.