Manualsbrain.com
  1. Manuals
  2. Brands
  3. 3com
  4. 5500-ei pwr
  5. Installation Instruction

3com 5500-ei pwr Installation Instruction

Download
Page of 1072
 
1-3 
The controlled port can be used to pass service packets when it is in authorized state. It is blocked 
when not in authorized state. In this case, no packets can pass through it. 
Controlled port and uncontrolled port are two properties of a port. Packets reaching a port are 
visible to both the controlled port and uncontrolled port of the port. 
The valid direction of a controlled port 
When a controlled port is in unauthorized state, you can configure it to be a unidirectional port, which 
sends packets to supplicant systems only. 
By default, a controlled port is a unidirectional port. 
The way a port is controlled 
A port of an H3C series switch can be controlled in the following two ways. 
Port-based control. When a port is under port-based control, all the supplicant systems connected 
to the port can access the network without being authenticated after one supplicant system among 
them passes the authentication. And when the authenticated supplicant system goes offline, the 
others are denied as well. 
MAC-based control. When a port is under MAC-based control, all supplicant systems connected to 
the port have to be authenticated individually in order to access the network. And when a 
supplicant system goes offline, the others are not affected. 
The Mechanism of an 802.1x Authentication System 
IEEE 802.1x authentication system uses the Extensible Authentication Protocol (EAP) to exchange 
information between the supplicant system and the authentication server. 
Figure 1-2 The mechanism of an 802.1x authentication system 
 
 
EAP protocol packets transmitted between the supplicant system PAE and the authenticator 
system PAE are encapsulated as EAPoL packets. 
EAP protocol packets transmitted between the authenticator system PAE and the RADIUS server 
can either be encapsulated as EAP over RADIUS (EAPoR) packets or be terminated at system 
PAEs. The system PAEs then communicate with RADIUS servers through Password 
Authentication Protocol (PAP) or Challenge-Handshake Authentication Protocol (CHAP) packets. 
When a supplicant system passes the authentication, the authentication server passes the 
information about the supplicant system to the authenticator system. The authenticator system in 
turn determines the state (authorized or unauthorized) of the controlled port according to the 
instructions (accept or reject) received from the RADIUS server. 
Encapsulation of EAPoL Messages 
The format of an EAPoL packet 
EAPoL is a packet encapsulation format defined in 802.1x. To enable EAP protocol packets to be 
transmitted between supplicant systems and authenticator systems through LANs, EAP protocol 
packets are encapsulated in EAPoL format. The following figure illustrates the structure of an EAPoL 
packet.