KTI Networks KGS-612F user manual

Page 23

￿An 802.1X authenticator: This is the port on the switch that has services to offer to an end device, provided the device supplies the proper credentials.

￿An 802.1X supplicant: This is the end device; for example, a PC that connects to a switch that is requesting to use the services (port) of the device. The 802.1X supplicant must be able to respond to communicate.

￿An 802.1X authentication server: This is a RADIUS server that examines the credentials provided to the authenticator from the supplicant and provides the authentication service. The authentication server is respon- sible for letting the authenticator know if services should be granted.

The 802.1X authenticator operates as a go-between with the supplicant and the authentication server to provide services to the network. When a switch is configured as an authenticator, the ports of the switch must then be configured for authorization. In an authenticator-initiated port authorization, a client is powered up or plugs into the port, and the authenticator port sends an Extensible Authentication Protocol (EAP) PDU to the supplicant requesting the identification of the supplicant. At this point in the process, the port on the switch is connected from a physical standpoint; however, the 802.1X process has not authorized the port and no frames are passed from the port on the supplicant into the switching engine. If the PC attached to the switch did not understand the EAP PDU that it was receiving from the switch, it would not be able to send an ID and the port would remain unauthorized. In this state, the port would never pass any user traffic and would be as good as disabled. If the client PC is running the 802.1X EAP, it would respond to the request with its configured ID. (This could be a username/ password combination or a certificate.)

After the switch, the authenticator receives the ID from the PC (the supplicant). The switch then passes the ID information to an authentication server (RADIUS server) that can verify the identifica- tion information. The RADIUS server responds to the switch with either a success or failure message. If the response is a success, the port will be authorized and user traffic will be allowed to pass through the port like any switch port connected to an access device. If the response is a failure, the port will remain unauthorized and, therefore, unused. If there is no response from the server, the port will also remain unauthorized and will not pass any traffic.

-23-

Page 22 Page 24
Image 23
Page 22 Page 24
Contents KGS-612F Page Trademarks Table of Contents Snmp Support Appendix. Factory Default Settings Fiber Connectivity Quality of Service802.1x Authentication Plug and PlayFront panel Rear panel FeaturesProduct Panels 10/100/1000 Copper Ports LED IndicatorsSpecifications FunctionLED Indicators Switch FunctionsEnvironmental DC Power InputSoftware Management Functions MechanicalUnpacking Safety CautionsMounting the Switch on a Wall AC Power Adapter Specifications Mounting the Switch on a Din-rail ChassisApplying Power Making UTP Connections Reset ButtonMaking Fiber Connection Installing SFP Fiber TransceiverConnecting Fiber Cables Fiber Port ConfigurationFunction State Interpretation Configuring IP Address and Password for the SwitchLED Indication Pvid Port VID Abbreviation#of bits Frame field User priorityQoS Function Priority Class Queues Egress Service PolicyPacket Priority Classification Vlan Operation 2.1 802.1Q Tag Aware Per port settingKeep Tag Per port setting Vlan FunctionPacket Tag Information Drop Untag Per Port SettingDrop Tag Per Port Setting Ingress Default Tag Per Port SettingPacket Forwarding Vlan Group Table ConfigurationVlan Classification Summary of Vlan Function Egress Settings802.1X Authentication Egress Tagging RulesPage Set IP Address for the System Unit Login to the Switch UnitStart Browser Software and Making Connection Web BrowserMonitoring ConfigurationMaintenance Main Management MenuSystem CFI Configuration DescriptionVlan Function Switch Embedded Web Server operationManagement Vlan Ports Configuration FunctionInformation Function SFP DDM StatusVLANs Vlan Configuration DescriptionPort-based Vlan Mode Example Port-based Vlan ISP ModeMode Operation Advanced Vlan Mode Ingress Default Tag Ingress Settings Tag-ignore Tag-aware Received packet type Tag Aware =Tag-ignore Vlan Groups Double Tagged in Advanced Vlan Mode Important Notes for Vlan ConfigurationSwitch Vlan Mode selection Aggregation/Trunking configurationAggregation Lacp Rstp 10 802.1X Configuration Radius IP 10.1 802.1X Re-authentication Parameters Mirroring QoS Configuration Description Quality of ServiceClass 3 ~ Class 12.1 802.1p MappingDscp Mapping Weighted ratio priority Class 3210 = 1111 weighted ratio QoS Service PolicyStorm Control Statistics Description Statistics OverviewButton Description Detailed StatisticsStatus Description Lacp StatusStatus Description Ping Description PingLogout Reboot SystemRestore Default Update FirmwareSnmp Support Port-based Vlan Mode setting System ConfigurationPorts Configuration Vlan ConfigurationLacp Port Configuration Mirroring Configuration Rstp System ConfigurationRstp Port Configuration 802.1X ConfigurationQoS Dscp Mapping Quality of Service ConfigurationQoS Service Policy QoS 802.1p MappingStorm Control Configuration
Top Page Image Contents