Nortel 450-24t User Guide
BayStack 450 10/100/1000 Series Switches
309978-D Rev 01
1-21
EAPOL-Based Security
The EAPOL-based security feature uses the Extensible Authentication Protocol
(EAP), as described in the IEEE Draft P802.1X, to allow you to set up network
access control on internal LANs. EAP allows the exchange of authentication
information between any end station or server connected to the switch and an
authentication server (such as a RADIUS server). This feature operates in
conjunction with a RADIUS-based server to extend the benefits of remote
authentication to internal LAN clients (see “RADIUS-Based Security” on
page 1-28).
For instructions on using the console interface (CI) to set up EAPOL-based
security, see “EAPOL Security Configuration” on page 3-40.
See also Appendix E, “Quick Steps to Features,” for configuration flowcharts that
can help you use this feature.
Security Example
The following example illustrates how the BayStack 450 switch, configured with
the EAPOL-based security feature, reacts to a new network connection:
1. The switch detects a new connection on one of its ports (Figure 1-7).
   a. The switch requests a user ID from the new client (1).
   b. EAPOL encapsulates and forwards the user ID to the RADIUS server (2).
   c. The RADIUS server requests the user’s password (3).
2. The new client forwards an encrypted password to the switch, within the
   EAPOL packet (Figure 1-8).
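The frames behind steps 1 and 2, as an added example that is not taken from the Nortel guide: it builds and decodes constructed EAPOL frames for the identity request, the identity response, the password challenge and the client's reply. The guide does not name the EAP method, so the MD5-Challenge type, the user name, the password and the challenge bytes are assumptions.

```python
import hashlib
import struct

EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 4: "MD5-Challenge"}  # MD5-Challenge is an assumed method

def eapol(eap_packet: bytes) -> bytes:
    """Wrap an EAP packet in an EAPOL header: version 1, type 0 (EAP-Packet)."""
    return struct.pack("!BBH", 1, 0, len(eap_packet)) + eap_packet

def eap(code: int, ident: int, etype: int, data: bytes) -> bytes:
    """Build an EAP Request/Response: code, identifier, total length, type, data."""
    return struct.pack("!BBHB", code, ident, 5 + len(data), etype) + data

def md5_response(ident: int, password: bytes, challenge: bytes) -> bytes:
    """CHAP-style value: MD5(identifier || password || challenge)."""
    return hashlib.md5(bytes([ident]) + password + challenge).digest()

def parse(frame: bytes) -> dict:
    """Decode one EAPOL frame (bytes after the Ethernet header), checking lengths."""
    if len(frame) < 4:
        raise ValueError("truncated EAPOL header")
    _version, ptype, length = struct.unpack("!BBH", frame[:4])
    body = frame[4:4 + length]
    # Only Request/Response packets are handled; Success/Failure carry no type byte.
    if ptype != 0 or len(body) != length or length < 5:
        raise ValueError("not a complete EAP Request/Response frame")
    code, ident, eap_len, etype = struct.unpack("!BBHB", body[:5])
    if eap_len != length:
        raise ValueError("EAP length does not match EAPOL length")
    return {"code": EAP_CODES.get(code, code), "id": ident,
            "type": EAP_TYPES.get(etype, etype), "data": body[5:]}

def sample_exchange(user=b"alice", password=b"example-pw", challenge=bytes(range(16))):
    """Constructed frames for steps 1a-1c and 2; returns the parsed messages."""
    frames = [
        eapol(eap(1, 1, 1, b"")),                      # (1) switch asks for the user ID
        eapol(eap(2, 1, 1, user)),                     # client answers; switch relays it (2)
        eapol(eap(1, 2, 4, bytes([16]) + challenge)),  # (3) server's password challenge
        eapol(eap(2, 2, 4, bytes([16]) + md5_response(2, password, challenge))),  # step 2
    ]
    return [parse(f) for f in frames]

if __name__ == "__main__":
    for msg in sample_exchange():
        print(msg["code"], msg["type"], msg["id"], msg["data"].hex())
```

In this sketch the reply in step 2 carries a 16-byte hash bound to the server's challenge and the packet identifier, not the password itself.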