3com 8807 사용자 가이드
222
C
HAPTER
25: 802.1
X
C
ONFIGURATION
There are two types of ports for the Authenticator. One is the Uncontrolled Port,
and the other is the Controlled Port. The Uncontrolled Port is always in
bi-directional connection state. The user can access and share the network
resources any time through the ports. The Controlled Port will be in connecting
state only after the user passes the authentication. Then the user is allowed to
access the network resources.
and the other is the Controlled Port. The Uncontrolled Port is always in
bi-directional connection state. The user can access and share the network
resources any time through the ports. The Controlled Port will be in connecting
state only after the user passes the authentication. Then the user is allowed to
access the network resources.
Figure 58 802.1x system architecture
802.1x Authentication
Process
802.1x configures EAP frame to carry the authentication information. The
Standard defines the following types of EAP frames:
Standard defines the following types of EAP frames:
■
EAP-Packet: Authentication information frame, used to carry the
authentication information.
authentication information.
■
EAPoL-Start: Authentication originating frame, actively originated by the
Supplicant.
Supplicant.
■
EAPoL-Logoff: Logoff request frame, actively terminating the authenticated
state.
state.
■
EAPoL-Key: Key information frame, supporting to encrypt the EAP packets.
■
EAPoL-Encapsulated-ASF-Alert: Supports the Alerting message of Alert
Standard Forum (ASF).
Standard Forum (ASF).
The EAPoL-Start, EAPoL-Logoff and EAPoL-Key only exist between the Supplicant
and the Authenticator. The EAP-Packet information is re-encapsulated by the
Authenticator System and then transmitted to the Authentication Server System.
The EAPoL-Encapsulated-ASF-Alert is related to the network management
information and terminated by the Authenticator.
and the Authenticator. The EAP-Packet information is re-encapsulated by the
Authenticator System and then transmitted to the Authentication Server System.
The EAPoL-Encapsulated-ASF-Alert is related to the network management
information and terminated by the Authenticator.
802.1x provides an implementation solution of user ID authentication. However,
802.1x itself is not enough to implement the scheme. The administrator of the
access device should configure the AAA scheme by selecting RADIUS or local
authentication so as to assist 802.1x to implement the user ID authentication. For
detailed description of AAA, refer to the "AAA&RADIUS&HWTAWACS" part in
this document.
802.1x itself is not enough to implement the scheme. The administrator of the
access device should configure the AAA scheme by selecting RADIUS or local
authentication so as to assist 802.1x to implement the user ID authentication. For
detailed description of AAA, refer to the "AAA&RADIUS&HWTAWACS" part in
this document.
6XSSOLFDQW
$XWKHQWLFDWRU
3$(
$XWKHQWLFDWRU
6HUYHU
6XSSOLFDQW
6\VWHP
$XWKHQWLFDWRU6\VWHP
$XWKHQWLFDWRU
6HUYHU
6\VWHP
6\VWHP
($3SURWRFRO
H[FKDQJHV
FDUULHGLQ
KLJKHUOD\HU
SURWRFRO
($3R/
&RQWUROOHG
3RUW
3RUW
XQDXWKRUL]HG
/$1
8QFRQWUROOHG
3RUW
6HUYLFHV
RIIHUHG
E\
$XWKHQWLFDWRUV
6\VWHP
RIIHUHG
E\
$XWKHQWLFDWRUV
6\VWHP