Moxa Technologies EDS-726 user manual Message Exchange


EDS-726 Series User’s Manual

Featured Functions

Authenticator: Edge switch or wireless access point that acts as a proxy between the supplicant and the authentication server, requesting identity information from the supplicant, verifying the information with the authentication server, and relaying a response to the supplicant.

EDS-726 acts as an authenticator in the 802.1X environment. A supplicant and an authenticator exchange EAPOL (Extensible Authentication Protocol over LAN) frames with each other. We can either use an external RADIUS server as the authentication server, or implement the authentication server in EDS-726 by using a Local User Database as the authentication look-up table. When we use an external RADIUS server as the authentication server, the authenticator and the authentication server exchange EAP frames with each other.

Authentication can be initiated either by the supplicant or the authenticator. When the supplicant initiates the authentication process, it sends an “EAPOL-Start” frame to the authenticator. When the authenticator initiates the authentication process or when it receives an “EAPOL-Start” frame, it sends an “EAP Request/Identity” frame to ask for the username of the supplicant. The subsequent actions are described below:

Message Exchange

[Figure: authentication message exchange between the client and the authentication server (RADIUS). Labels in the figure: EAPOL-Start, EAP-Request/Identity, EAP-Response/Identity, EAP-Request/OTP, EAP-Response/OTP, EAP-Success; RADIUS Access-Request, RADIUS Access-Challenge, RADIUS Access-Request, RADIUS Access-Accept; Port Authorized, EAPOL-Logoff, Port Unauthorized.]

1. When the supplicant receives an “EAP Request/Identity” frame, it sends an “EAP Response/Identity” frame with its username back to the authenticator.

2. If the RADIUS server is used as the authentication server, the authenticator relays the “EAP Response/Identity” frame from the supplicant by encapsulating it into a “RADIUS Access-Request” frame and sending it to the RADIUS server. When the authentication server receives the frame, it looks up its database to check whether the username exists. If the username is not present, a RADIUS server replies to the authenticator with a “RADIUS Access-Reject” frame, while the Local User Database simply indicates failure to the authenticator. The authenticator then sends an “EAP-Failure” frame to the supplicant.

3. The RADIUS server sends a “RADIUS Access-Challenge,” which contains an “EAP Request” with an authentication type, to the authenticator to ask for the password from the client. RFC 2284 defines several EAP authentication types, such as “MD5-Challenge,” “One-Time Password,” and “Generic Token Card.” Currently, only “MD5-Challenge” is supported. If the Local User Database is used, this step is skipped.
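The EAP packets from steps 1 to 3, as an added Python example that is not part of the Moxa manual: it builds and parses EAP packets and performs the MD5-Challenge check an authentication server makes before accepting or rejecting. The packet layout and hash input follow RFC 2284 and RFC 1994; the username, password and challenge bytes are constructed sample values.

```python
import hashlib
import hmac
import struct

CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
TYPES = {1: "Identity", 4: "MD5-Challenge", 5: "One-Time Password", 6: "Generic Token Card"}

def build_eap(code, ident, eap_type=None, data=b""):
    """Code(1) Identifier(1) Length(2), then Type(1) + data for Request/Response."""
    body = b"" if eap_type is None else bytes([eap_type]) + data
    return struct.pack("!BBH", code, ident, 4 + len(body)) + body

def parse_eap(pkt):
    """Decode one EAP packet, rejecting inconsistent Length fields."""
    if len(pkt) < 4:
        raise ValueError("truncated EAP header")
    code, ident, length = struct.unpack("!BBH", pkt[:4])
    if not 4 <= length <= len(pkt) or (code in (1, 2) and length < 5):
        raise ValueError("EAP Length field does not match the packet")
    msg = {"code": CODES.get(code, code), "id": ident, "type": None, "data": b""}
    if code in (1, 2):
        msg["type"], msg["data"] = TYPES.get(pkt[4], pkt[4]), pkt[5:length]
    return msg

def md5_value(data):
    """MD5-Challenge type-data is Value-Size(1) + Value (+ optional Name)."""
    if not data or data[0] > len(data) - 1:
        raise ValueError("bad MD5-Challenge Value-Size")
    return data[1:1 + data[0]]

def md5_digest(ident, password, challenge):
    """Response value = MD5(Identifier || password || challenge value)."""
    return hashlib.md5(bytes([ident]) + password + challenge).digest()

def server_verify(request, response, password):
    """The server-side check that decides between Access-Accept and Access-Reject."""
    req, resp = parse_eap(request), parse_eap(response)
    if (resp["code"], resp["type"], resp["id"]) != ("Response", "MD5-Challenge", req["id"]):
        return False
    expected = md5_digest(req["id"], password, md5_value(req["data"]))
    return hmac.compare_digest(md5_value(resp["data"]), expected)

# Constructed sample values (not from the manual).
PASSWORD = b"constructed-password"
CHALLENGE = bytes(range(16))
identity = build_eap(2, 1, 1, b"operator")              # EAP-Response/Identity
request = build_eap(1, 2, 4, bytes([16]) + CHALLENGE)   # EAP-Request/MD5-Challenge
response = build_eap(2, 2, 4, bytes([16]) + md5_digest(2, PASSWORD, CHALLENGE))
```

With an external RADIUS server the authenticator only relays these EAP bytes, in EAPOL frames towards the supplicant and in RADIUS frames towards the server, and never needs the password itself. MD5-Challenge authenticates only the supplicant and derives no session keys.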
