3com 5500-ei pwr Installation Instructions

Figure 1-1 Architecture of 802.1x authentication 
 
 
The supplicant system is the entity seeking access to the LAN. It resides at one end of a LAN
segment and is authenticated by the authenticator system at the other end of the LAN segment.
The supplicant system is usually a user terminal device. An 802.1x authentication is triggered when
a user launches an 802.1x-capable client program on the supplicant system. Note that the client
program must support the Extensible Authentication Protocol over LAN (EAPoL).

The authenticator system, residing at the other end of the LAN segment, is the entity that
authenticates the connected supplicant system. The authenticator system is usually an
802.1x-supported network device, such as an H3C series switch. It provides the port (physical or
logical) for the supplicant system to access the LAN.

The authentication server system is the entity that provides authentication services to the
authenticator system. The authentication server system, usually a RADIUS server, provides
Authentication, Authorization, and Accounting (AAA) services to users. It also stores user
information, such as user name, password, the VLAN a user should belong to, priority, and any
Access Control Lists (ACLs) to be applied.

There are four additional basic concepts related to 802.1x: port access entity (PAE), controlled port and
uncontrolled port, the valid direction of a controlled port, and the access control method on ports.

I. PAE

A port access entity (PAE) is responsible for implementing algorithms and performing protocol-related
operations in the authentication mechanism.

The authenticator system PAE authenticates the supplicant systems when they log into the LAN
and controls the status (authorized/unauthorized) of the controlled ports according to the
authentication result.

The supplicant system PAE responds to the authentication requests received from the
authenticator system and submits user authentication information to the authenticator system. It
also sends authentication requests and disconnection requests to the authenticator system PAE.

Controlled port and uncontrolled port

The authenticator system provides ports for supplicant systems to access a LAN. Logically, a port of this
kind is divided into a controlled port and an uncontrolled port.

The uncontrolled port can always send and receive packets. It mainly serves to forward EAPoL
packets to ensure that a supplicant system can send and receive authentication requests.
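
The split between the two logical ports can be modelled in a few lines. The following is an added example, not code from the manual or the switch firmware: the class AuthenticatorPort, the helper names and the result labels are hypothetical, the sample frames are constructed, and the rule that an unauthorized controlled port drops non-EAPoL traffic is standard 802.1X behaviour assumed here rather than taken from this page.

```python
import struct

EAPOL_ETHERTYPE = 0x888E  # EtherType assigned to EAPoL by IEEE 802.1X
EAPOL_TYPES = {0: "EAP-Packet", 1: "EAPOL-Start", 2: "EAPOL-Logoff", 3: "EAPOL-Key"}


def eapol_type(frame: bytes):
    """Return the EAPoL packet type name, or None if the frame is not EAPoL.

    Raises ValueError for a frame that is too short or whose EAPoL length
    field points past the end of the frame. Untagged Ethernet II only.
    """
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet header")
    if struct.unpack_from("!H", frame, 12)[0] != EAPOL_ETHERTYPE:
        return None
    if len(frame) < 18:
        raise ValueError("truncated EAPoL header")
    _version, ptype, length = struct.unpack_from("!BBH", frame, 14)
    if len(frame) < 18 + length:
        raise ValueError("EAPoL body shorter than its length field")
    return EAPOL_TYPES.get(ptype, f"unknown({ptype})")


class AuthenticatorPort:
    """Hypothetical model of one switch port split into its two logical ports."""

    def __init__(self):
        self.authorized = False  # controlled port is unauthorized until auth succeeds

    def handle(self, frame: bytes) -> str:
        try:
            name = eapol_type(frame)
        except ValueError:
            return "drop:malformed"
        if name is None:  # ordinary traffic goes through the controlled port
            return "controlled:forward" if self.authorized else "controlled:drop"
        if name == "EAPOL-Logoff":  # supplicant's disconnection request
            self.authorized = False
        return "uncontrolled:" + name  # EAPoL always reaches the PAE


def build_frame(dst_hex: str, ethertype: int, payload: bytes) -> bytes:
    """Build a constructed sample frame with a made-up source MAC."""
    src = bytes.fromhex("020000000001")
    return bytes.fromhex(dst_hex) + src + struct.pack("!H", ethertype) + payload


# Constructed samples: EAPoL to the PAE group address, IPv4 to a made-up unicast MAC.
EAPOL_START = build_frame("0180c2000003", EAPOL_ETHERTYPE, struct.pack("!BBH", 1, 1, 0))
EAPOL_LOGOFF = build_frame("0180c2000003", EAPOL_ETHERTYPE, struct.pack("!BBH", 1, 2, 0))
IPV4_DATA = build_frame("020000000002", 0x0800, b"\x45" + bytes(19))
```

In a real authenticator the authorized flag is set from the authentication server's result; here it is set by hand to show both states.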