3Com DUA1750-2BAA01 User Manual

3Com Switch 8800 Configuration Guide 
Chapter 39  802.1x Configuration
 
39.1  802.1x Overview 
39.1.1  802.1x Standard Overview 
IEEE 802.1x (hereinafter 802.1x) is a port-based network access control
protocol that is used as the standard for LAN user access authentication.
In LANs that comply with the IEEE 802 standards, a user can access the devices
and share the resources in the LAN simply by connecting to a LAN access control
device such as a LAN switch. However, in telecom access, commercial LANs (a typical
example is the LAN in an office building), mobile office environments and the like,
LAN providers generally want to control user access. This is the origin of the
requirement for the above-mentioned “Port Based Network Access Control”.
As the name implies, “Port Based Network Access Control” means authenticating and
controlling every device that connects through a port of the LAN access control
device. If the user’s device connected to the port passes authentication, the user
can access the resources in the LAN. Otherwise, the user cannot access the resources
in the LAN, which is equivalent to the user being physically disconnected.
802.1x defines a port-based network access control protocol, and it defines only the
point-to-point connection between the access device and the access port. The port can
be either physical or logical. Typical application environments are a LAN switch on
which each physical port connects to only one user workstation (based on the
physical port) and the wireless LAN access environment defined by the IEEE 802.11
standard (based on the logical port).
39.1.2  802.1x System Architecture 
A system using 802.1x has a typical C/S (Client/Server) architecture. It
contains three entities, which are illustrated in the following figure: Supplicant System,
Authenticator System and Authentication Server System.
The LAN access control device needs to provide the Authenticator System of 802.1x.
Devices at the user side, such as computers, need to have 802.1x client (Supplicant)
software installed, for example the 802.1x client provided by Microsoft
Windows XP. The 802.1x Authentication Server System normally resides in the carrier’s
AAA center.
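The Supplicant and the Authenticator in this architecture talk to each other in EAPoL (EAP over LANs) frames, EtherType 0x888E, each of which can wrap one EAP packet. The Python parser below is an added example, not part of the 3Com guide; it assumes untagged Ethernet frames, and the sample frames, MAC addresses and the identity "alice" are constructed.

```python
import struct

ETH_P_PAE = 0x888E  # EtherType assigned to EAPoL
EAPOL_TYPES = {0: "EAP-Packet", 1: "EAPOL-Start", 2: "EAPOL-Logoff", 3: "EAPOL-Key"}
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 2: "Notification", 3: "Nak", 4: "MD5-Challenge"}

def parse_eap(pkt: bytes) -> dict:
    """Decode the EAP packet carried in an EAPoL body."""
    if len(pkt) < 4:
        raise ValueError("EAP header truncated")
    code, ident, length = struct.unpack("!BBH", pkt[:4])
    if length < 4 or length > len(pkt):
        raise ValueError("EAP length field inconsistent with body")
    eap = {"code": EAP_CODES.get(code, code), "id": ident, "type": None, "data": b""}
    if code in (1, 2) and length >= 5:  # only Request/Response carry a Type octet
        eap["type"] = EAP_TYPES.get(pkt[4], pkt[4])
        eap["data"] = pkt[5:length]
    return eap

def parse_eapol(frame: bytes) -> dict:
    """Decode an untagged Ethernet frame carrying EAPoL; ValueError if malformed."""
    if len(frame) < 18:
        raise ValueError("too short for Ethernet + EAPoL header")
    ethertype, version, ptype, body_len = struct.unpack("!HBBH", frame[12:18])
    if ethertype != ETH_P_PAE:
        raise ValueError("not an EAPoL frame")
    body = frame[18:18 + body_len]  # slicing by length drops Ethernet padding
    if len(body) < body_len:
        raise ValueError("EAPoL body truncated")
    eap = parse_eap(body) if ptype == 0 else None  # type 0 body is one EAP packet
    return {"version": version, "eapol_type": EAPOL_TYPES.get(ptype, ptype), "eap": eap}

def build(ptype: int, body: bytes = b"") -> bytes:
    """Build a constructed sample frame (test data, not a capture)."""
    dst = bytes.fromhex("0180c2000003")  # PAE group address
    src = bytes.fromhex("020000000001")  # constructed locally administered MAC
    return dst + src + struct.pack("!HBBH", ETH_P_PAE, 1, ptype, len(body)) + body

SAMPLES = [
    build(1),                                                # supplicant: EAPOL-Start
    build(0, struct.pack("!BBHB", 1, 7, 5, 1)),              # authenticator: Request/Identity
    build(0, struct.pack("!BBHB", 2, 7, 10, 1) + b"alice"),  # supplicant: Response/Identity
    build(0, struct.pack("!BBH", 3, 8, 4)),                  # authenticator: Success
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(parse_eapol(sample))
```

The length checks matter when this runs against live captures: a frame whose EAPoL or EAP length field disagrees with the bytes actually present is rejected rather than decoded.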
The Authenticator and the Authentication Server exchange information through EAP
(Extensible Authentication Protocol) frames. The Supplicant and the Authenticator
exchange information through the EAPoL (Extensible Authentication Protocol over LANs)
frame defined by IEEE 802.1x. Authentication data are encapsulated in the EAP frame, which