3com WX3000 Manuel D’Utilisation

 

1-2 

z 

The authenticator system, residing at the other end of the LAN segment link, is the entity that 

authenticates the connected supplicant system. The authenticator system is usually an 

802.1x-supported network device. It provides ports (physical or logical) for the supplicant system to 

access the LAN. 

z 

The authentication server system is the entity that provides authentication services to the 

authenticator system. The authentication server system, normally a RADIUS server, serves to 

perform AAA (authentication, authorization, and accounting) services to users. It also stores user 

information, such as user name, password, the VLAN a user should belong to, priority, and any 

ACLs (access control list) to be applied. 

There are four additional basic concepts related to 802.1x: port access entity (PAE), controlled port and 

uncontrolled port, the valid direction of a controlled port and the access control method of a port. 

A PAE (port access entity) is responsible for implementing algorithms and performing protocol-related 

operations in the authentication mechanism. 

z 

The authenticator system PAE authenticates the supplicant systems when they log into the LAN 

and controls the status (authorized/unauthorized) of the controlled ports according to the 

authentication result.  

z 

The supplicant system PAE responds to the authentication requests received from the 

authenticator system and submits user authentication information to the authenticator system. It 

also sends authentication requests and disconnection requests to the authenticator system PAE. 

The Authenticator system provides ports for supplicant systems to access a LAN. Logically, a port of 

this kind is divided into a controlled port and an uncontrolled port. 

z 

The uncontrolled port can always send and receive packets. It mainly serves to forward EAPoL 

packets to ensure that a supplicant system can send and receive authentication requests. 

z 

The controlled port can be used to pass service packets when it is in authorized state. It is blocked 

when not in authorized state. In this case, no packets can pass through it. 

z 

Controlled port and uncontrolled port are two properties of a port. Packets reaching a port are 

visible to both the controlled port and uncontrolled port of the port. 

When a controlled port is in unauthorized state, you can configure it to be a unidirectional port, which 

only sends packets out to supplicant systems. 

By default, a controlled port is a unidirectional port. 

A port of the device can control user accesses in the following two ways. 

z 

Port-based control. When a port works in the port-based control mode, all the supplicant systems 

connected to the port can access the network without being authenticated after one supplicant 

system among them passes the authentication. And when the authenticated supplicant system 

goes offline, the others are denied as well. 

z 

MAC-based control. When a port works in the MAC-based control mode, all supplicant systems 

connected to the port have to be authenticated individually in order to access the network. And 

when a supplicant system goes offline, the others are not affected.