GarrettCom MNS-6K 4.1.4 Manual Do Utilizador
M A G N U M 6 K S W I T C H E S , M N S - 6 K U S E R G U I D E
108
F
IGURE
69 – 802.1x authentication details
1. The supplicant (laptop/host) is initially blocked from accessing the network. The
supplicant wanting to access these services starts with an EAPOL-Start frame
2. The authenticator (Magnum 6K switch), upon receiving an EAPOL-start frame, sends a
response with an EAP-Request/Identity frame back to the supplicant. This will inform
the supplicant to provide its identity
the supplicant to provide its identity
3. The supplicant then sends back its own identification using an EAP-Response/Identity
frame to the authenticator (Magnum 6K switch.) The authenticator then relays this to the
authentication server by encapsulating the EAP frame on a RADIUS-Access-Request
packet
authentication server by encapsulating the EAP frame on a RADIUS-Access-Request
packet
4. The RADIUS server will then send the authenticator a RADIUS-Access-Challenge packet
5. The authenticator (Magnum 6K switch) will relay this challenge to the supplicant using an
5. The authenticator (Magnum 6K switch) will relay this challenge to the supplicant using an
EAP-Request frame. This will request the supplicant to pass its credentials for
authentication
authentication
6. The supplicant will send its credentials using an EAP-Response packet
7. The authenticator will relay using a RADIUS-Access-Request packet
8. If the supplicant’s credentials are valid, RADIUS-Access-Accept packet is sent to the
7. The authenticator will relay using a RADIUS-Access-Request packet
8. If the supplicant’s credentials are valid, RADIUS-Access-Accept packet is sent to the
authenticator
9. The authenticator will then relay this on as an EAP-Success and provides access to the
network
10. If the supplicant does not have the necessary credentials, a RADIUS-Access-Deny packet
is sent back and relayed to the supplicant as an EAP-Failure frame. The access to the
network continues to be blocked
network continues to be blocked
802.1x
Switch
Switch
EAPOL
EAP over RADIUS
X
Port Connected
Access Blocked
EAP Request Id
Y
Z
RADIUS Access Request
[
RADIUS Access Challenge
EAP Request
\
EAP Response
]
^
RADIUS Access Request
RADIUS Access Accept
EAP Success
`
_
Access Allowed
802.1x
Switch
Switch
EAPOL
EAP over RADIUS
X
Port Connected
Access Blocked
EAP Request Id
Y
Z
RADIUS Access Request
[
RADIUS Access Challenge
EAP Request
\
EAP Response
]
^
RADIUS Access Request
RADIUS Access Accept
EAP Success
`
_
Access Allowed