Nortel 450-24t User Guide

BayStack 450 10/100/1000 Series Switches
309978-D Rev 01
1-21
EAPOL-Based Security
The EAPOL-based security feature uses the Extensible Authentication Protocol 
(EAP), as described in the IEEE Draft P802.1X, to allow you to set up network 
access control on internal LANs. EAP allows the exchange of authentication 
information between any end station or server connected to the switch and an 
authentication server (such as a RADIUS server). This feature operates in 
conjunction with a RADIUS-based server to extend the benefits of remote 
authentication to internal LAN clients (see “RADIUS-Based Security” on 
page 1-28).
This section covers the following topics:
For instructions on using the console interface (CI) to set up EAPOL-based 
security, see “EAPOL Security Configuration” on page 3-40.
See also Appendix E, “Quick Steps to Features,” for configuration flowcharts that 
can help you use this feature.
Security Example
The following example illustrates how the BayStack 450 switch, configured with 
the EAPOL-based security feature, reacts to a new network connection:
1. The switch detects a new connection on one of its ports (Figure 1-7).
   a. The switch requests a user ID from the new client (1).
   b. EAPOL encapsulates and forwards the user ID to the RADIUS server (2).
   c. The RADIUS server requests the user’s password (3).
2. The new client forwards an encrypted password to the switch, within the EAPOL packet (Figure 1-8).