3Com S7906E Installation Instruction

Architecture of 802.1X 
802.1X operates in the typical client/server model and defines three entities: Client, Device, and Server, 
as shown in Figure 1-1. 

Figure 1-1 Architecture of 802.1X 
Client is an entity seeking access to the LAN. It resides at one end of a LAN segment and is 
authenticated by Device at the other end of the LAN segment. Client is usually a user-end device 
such as a PC. 802.1X authentication is triggered when an 802.1X-capable client program is 
launched on Client. The client program must support Extensible Authentication Protocol over LAN 
(EAPOL). 
Device, residing at the other end of the LAN segment, is the entity that authenticates connected 
clients. Device is usually an 802.1X-enabled network device and provides access ports for clients 
to the LAN. 
Server is the entity that provides authentication services to Device. Server, normally a RADIUS 
(Remote Authentication Dial-in User Service) server, performs authentication, authorization, and 
accounting (AAA) for users. 
Authentication Modes of 802.1X 
The 802.1X authentication system employs the Extensible Authentication Protocol (EAP) to exchange 
authentication information between the client, device, and authentication server. 
Between the client and the device, EAP protocol packets are encapsulated using EAPOL to be 
transferred on the LAN. 
Between the device and the RADIUS server, EAP protocol packets can be exchanged in two 
modes: EAP relay and EAP termination. In EAP relay mode, EAP packets are encapsulated in the 
EAP over RADIUS (EAPOR) packets on the device, which then can relay the packets to the 
RADIUS server. In EAP termination mode, EAP packets are terminated at the device, converted to 
the RADIUS packets either with the Password Authentication Protocol (PAP) or Challenge 
Handshake Authentication Protocol (CHAP) attribute, and then transferred to the RADIUS server. 
Basic Concepts of 802.1X 
These basic concepts are involved in 802.1X: controlled port/uncontrolled port, authorized 
state/unauthorized state, and control direction. 
Controlled port and uncontrolled port 
A device provides ports for clients to access the LAN. Each port can be regarded as a combination of 
two logical ports: a controlled port and an uncontrolled port. 
The uncontrolled port is always open in both the inbound and outbound directions to allow EAPOL 
protocol packets to pass, guaranteeing that the client can always send and receive authentication 
packets. 
The controlled port is open to allow data traffic to pass only when it is in the authorized state.
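The following is an added illustrative model of the two mechanisms described above, not code from the 3Com manual: the EAP relay encapsulation (EAP packets wrapped into RADIUS EAP-Message attributes) and the split between the uncontrolled port, which always passes EAPOL, and the controlled port, which passes data only in the authorized state. AuthenticatorPort, build_frame, walk_through and the sample frames are constructed for illustration; the EtherType, EAPOL packet types and RADIUS attribute number come from IEEE 802.1X and RFC 3579.

```python
import struct

ETHERTYPE_EAPOL = 0x888E                 # EAPOL EtherType (IEEE 802.1X)
EAPOL_START, EAPOL_LOGOFF = 1, 2         # EAPOL packet types
RADIUS_ATTR_EAP_MESSAGE = 79             # RFC 3579 EAP-Message attribute

def parse_eapol(frame):                  # -> (packet_type, body) or None
    if len(frame) < 18 or struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_EAPOL:
        return None
    _version, ptype, length = struct.unpack("!BBH", frame[14:18])
    return ptype, frame[18:18 + length]

class AuthenticatorPort:                 # hypothetical model of one physical port
    def __init__(self):
        self.authorized = False          # controlled port starts unauthorized

    def forward(self, frame):
        """'eapol': uncontrolled port, always passes; 'data': controlled port, only when authorized."""
        eapol = parse_eapol(frame)
        if eapol is not None:
            if eapol[0] == EAPOL_LOGOFF:
                self.authorized = False  # EAPOL-Logoff returns the port to unauthorized
            return "eapol"
        return "data" if self.authorized else "drop"

def eap_to_radius_attrs(eap_packet):
    """EAP relay: wrap the EAP packet in RADIUS EAP-Message attributes, 253 bytes per attribute."""
    out = b""
    for i in range(0, len(eap_packet), 253):
        chunk = eap_packet[i:i + 253]
        out += struct.pack("!BB", RADIUS_ATTR_EAP_MESSAGE, 2 + len(chunk)) + chunk
    return out

def build_frame(ethertype, payload, dst=b"\x01\x80\xc2\x00\x00\x03", src=b"\x00\x11\x22\x33\x44\x55"):
    """Constructed Ethernet frame; 01:80:c2:00:00:03 is the 802.1X PAE group address."""
    return dst + src + struct.pack("!H", ethertype) + payload

# Constructed samples: EAPOL-Start, EAPOL-Logoff, an IPv4 data stub, EAP Response/Identity "alice".
EAPOL_START_FRAME = build_frame(ETHERTYPE_EAPOL, struct.pack("!BBH", 1, EAPOL_START, 0))
EAPOL_LOGOFF_FRAME = build_frame(ETHERTYPE_EAPOL, struct.pack("!BBH", 1, EAPOL_LOGOFF, 0))
DATA_FRAME = build_frame(0x0800, b"\x45" + b"\x00" * 19)
EAP_IDENTITY = struct.pack("!BBHB", 2, 1, 10, 1) + b"alice"   # code 2, id 1, length 10, type 1

def walk_through():                      # returns the port's decision at each step
    port = AuthenticatorPort()
    steps = [port.forward(DATA_FRAME), port.forward(EAPOL_START_FRAME)]
    port.authorized = True               # server accepted; device relays EAP-Success
    steps += [port.forward(DATA_FRAME), port.forward(EAPOL_LOGOFF_FRAME), port.forward(DATA_FRAME)]
    return steps
```

Note that data frames are dropped both before authentication and again after EAPOL-Logoff, while EAPOL frames pass in every state; in EAP termination mode the device would instead build a PAP or CHAP RADIUS request rather than relaying the EAP packet unchanged.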