3Com S7906E Installation Instructions

Unsolicited triggering of a client 
A client initiates authentication by sending an EAPOL-Start packet to the device. The destination 
address of the packet is 01-80-C2-00-00-03, the multicast address specified by the IEEE 802.1X 
protocol. 
Some devices in the network may not support multicast packets with the above destination address, 
so the authentication device cannot receive the client's authentication request. To solve this 
problem, the device also supports EAPOL-Start packets whose destination address is a broadcast MAC 
address. In this case, the iNode 802.1X client is required. 
Unsolicited triggering of the device 
The device can trigger authentication for clients that cannot send EAPOL-Start packets and therefore 
cannot trigger authentication, for example, the 802.1X client provided by Windows XP. Based on the 
differences in packet transmission mode, unsolicited triggering of the device falls into two categories:  
Multicast triggering mode: The device multicasts EAP-Request/Identity packets periodically (every 
30 seconds by default) to clients.  
Unicast triggering mode: The device considers a new user to be attached when it receives a 
data frame on a port whose source MAC address is not in the MAC address table. In this 
case, the device sends a unicast packet out the port to trigger 802.1X authentication. 
Authentication Process of 802.1X 
An 802.1X device communicates with a remotely located RADIUS server in two modes: EAP relay and 
EAP termination. The following description takes the EAP relay as an example to show the 802.1X 
authentication process. 
EAP relay 
EAP relay is defined in IEEE 802.1X. In this mode, EAP packets are carried in an upper layer protocol, 
such as RADIUS, so that they can go through complex networks and reach the authentication server. 
Generally, relaying EAP requires that the RADIUS server support the EAP-Message and 
Message-Authenticator attributes, which respectively encapsulate EAP packets and protect RADIUS 
packets carrying the EAP-Message attribute.  
 shows the EAP packet exchange procedure with EAP-MD5.
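
The following is an added example, not taken from the manual or from 3Com code: a check of the Message-Authenticator attribute on a RADIUS packet that carries EAP-Message, computed as RFC 3579 defines it (HMAC-MD5 over the whole packet with the attribute value zeroed, keyed with the shared secret). The function names, the shared secret and the sample packet builder are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

EAP_MESSAGE, MESSAGE_AUTHENTICATOR = 79, 80   # RADIUS attribute types (RFC 3579)

def attributes(packet):
    """Yield (type, value_offset, value) for each attribute after the 20-byte header."""
    (length,) = struct.unpack("!H", packet[2:4])
    if not 20 <= length <= len(packet):
        raise ValueError("bad RADIUS length field")
    pos = 20
    while pos < length:
        if pos + 2 > length or packet[pos + 1] < 2 or pos + packet[pos + 1] > length:
            raise ValueError("bad attribute length")
        yield packet[pos], pos + 2, packet[pos + 2:pos + packet[pos + 1]]
        pos += packet[pos + 1]

def check_message_authenticator(packet, secret, request_authenticator=None):
    """Return 'ok', 'bad', 'missing' or 'not-eap' for one RADIUS packet."""
    # For replies (Access-Challenge/Accept/Reject) pass the 16-byte Request
    # Authenticator of the matching Access-Request; it replaces the header
    # authenticator in the HMAC input.
    (length,) = struct.unpack("!H", packet[2:4])
    buf, has_eap, received = bytearray(packet[:length]), False, None
    for atype, offset, value in attributes(packet):
        if atype == EAP_MESSAGE:
            has_eap = True
        elif atype == MESSAGE_AUTHENTICATOR and len(value) == 16:
            received = bytes(value)
            buf[offset:offset + 16] = bytes(16)   # value is zeroed for the HMAC
    if not has_eap:
        return "not-eap"
    if received is None:
        return "missing"   # EAP-Message without Message-Authenticator: discard
    if request_authenticator is not None:
        buf[4:20] = request_authenticator
    expected = hmac.new(secret, bytes(buf), hashlib.md5).digest()
    return "ok" if hmac.compare_digest(expected, received) else "bad"

def build_access_request(secret, eap_payload, authenticator=bytes(range(16))):
    """Constructed sample: Access-Request (code 1) with EAP-Message + Message-Authenticator."""
    attrs = bytes([EAP_MESSAGE, 2 + len(eap_payload)]) + eap_payload
    attrs += bytes([MESSAGE_AUTHENTICATOR, 18]) + bytes(16)
    pkt = bytearray(struct.pack("!BBH", 1, 7, 20 + len(attrs)) + authenticator + attrs)
    pkt[-16:] = hmac.new(secret, bytes(pkt), hashlib.md5).digest()
    return bytes(pkt)
```

A packet that returns 'missing' or 'bad' should be silently discarded by the receiver, which is the behaviour RFC 3579 requires for packets carrying EAP-Message.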