3com 3.01.01 User Manual

9
AAA AND RADIUS OPERATION
This chapter covers the following topics:
IEEE 802.1x
IEEE 802.1x (hereinafter 802.1x) is a port-based network access control
protocol that is used as the standard for LAN user access authentication.
In LANs that comply with IEEE 802 standards, a user can access devices and
share resources in the LAN by connecting to a device such as a LAN Switch.
In telecom access, commercial LANs (a typical example is the LAN in an office
building), mobile offices and similar environments, LAN providers generally
want to control user access. Port-based network access control is the
approach most applicable to that requirement.
As the name implies, “port-based network access control” means authenticating
and controlling, at the port of the access device, every device that connects
through that port. If the user’s device passes authentication, the user can
access resources in the LAN.
802.1x defines only the port-based network access control protocol, and only
for the point-to-point connection between the access device and the access
port. The port can be either physical or logical. Typical application
environments are a LAN Switch on which each physical port connects to only
one user workstation (access control based on the physical port) and wireless
LAN access (access control based on the logical port).
Configuring IEEE 802.1x is described in the following sections:
802.1x System Architecture
A system that uses 802.1x has a typical C/S (Client/Server) architecture. It
contains three entities: the Supplicant System, the Authenticator System and
the Authentication Server System.
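The following is an added example, not code from this manual or from the switch software: a minimal Python model of the Authenticator's role, in which a port drops every frame except EAPOL until the Authentication Server returns EAP-Success. `PortGate`, `demo_server` and all sample frames are constructed for illustration, and `demo_server` stands in for the whole EAP method exchange and the server's decision.

```python
import struct

EAPOL_ETHERTYPE = 0x888E                         # EtherType for EAPOL (IEEE 802.1X)
EAPOL_EAP, EAPOL_START, EAPOL_LOGOFF = 0, 1, 2   # EAPOL packet types
EAP_REQUEST, EAP_RESPONSE, EAP_SUCCESS, EAP_FAILURE = 1, 2, 3, 4
EAP_TYPE_IDENTITY = 1
PAE_GROUP = b"\x01\x80\xc2\x00\x00\x03"          # 802.1X PAE group address

def eap(code, ident, data=b""):
    """Build an EAP packet: code, identifier, total length, then data."""
    return struct.pack("!BBH", code, ident, 4 + len(data)) + data

def frame(dst, ethertype, payload, src=b"\x02\x00\x00\x00\x00\x01"):
    """Build a constructed Ethernet frame (MAC addresses are sample values)."""
    return dst + src + struct.pack("!H", ethertype) + payload

def eapol(ptype, body=b""):
    """Wrap a body in an EAPOL header: version, packet type, body length."""
    return frame(PAE_GROUP, EAPOL_ETHERTYPE, struct.pack("!BBH", 1, ptype, len(body)) + body)

def parse_eapol(raw):
    """Return (packet_type, body) for a well-formed EAPOL frame, else None."""
    if len(raw) < 18 or raw[12:14] != struct.pack("!H", EAPOL_ETHERTYPE):
        return None
    _version, ptype, length = struct.unpack("!BBH", raw[14:18])
    body = raw[18:18 + length]
    return (ptype, body) if len(body) == length else None

class PortGate:
    """Hypothetical model of one Authenticator port; `server` stands in for
    the Authentication Server and returns an EAP packet as its verdict."""
    def __init__(self, server):
        self.server, self.authorized = server, False

    def receive(self, raw):
        """Return 'forward', 'drop' or 'eapol' for a frame from the Supplicant."""
        parsed = parse_eapol(raw)
        if parsed is None:                   # not valid EAPOL: gated by port state
            return "forward" if self.authorized else "drop"
        ptype, body = parsed
        if ptype == EAPOL_LOGOFF:
            self.authorized = False
        elif ptype == EAPOL_EAP and len(body) >= 4:
            reply = self.server(body)        # relay the EAP packet, read the verdict
            if reply and reply[0] in (EAP_SUCCESS, EAP_FAILURE):
                self.authorized = reply[0] == EAP_SUCCESS
        return "eapol"

def demo_server(eap_packet):
    """Constructed server: accepts only an Identity response naming 'alice'."""
    ok = eap_packet[0] == EAP_RESPONSE and eap_packet[4:] == bytes([EAP_TYPE_IDENTITY]) + b"alice"
    return eap(EAP_SUCCESS if ok else EAP_FAILURE, eap_packet[1])
```

EAPOL frames are always handled by the gate itself and never forwarded into the LAN, whatever the port state.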
The LAN access control device needs to provide the Authenticator System of
802.1x. The user computers need 802.1x client (Supplicant) software
installed, for example, the 802.1x client provided by Microsoft Windows XP.
The 802.1x Authentication Server system normally resides in the carrier’s AAA
center. The Authenticator and the Authentication Server exchange information
through EAP (Extensible Authentication Protocol) frames. The Supplicant and
the Authenticator exchange information through the EAPoL (Extensible Authentication Protocol over