KTI Networks KGS-2404 manual

Page 72

for the login based on 802.1x port access control management. The protocol used in the right side is EAPOL and the left side is EAP.

1.At the initial stage, the supplicant A is unauthenticated and a port on switch acting as an authenticator is in unauthorized state. So the access is blocked in this stage.

2.Initiating a session. Either authenticator or supplicant can initiate the message exchange. If supplicant initiates the process, it sends EAPOL-start packet to the authenticator PAE and authenticator will immediately respond EAP-Request/Identity packet.

3.The authenticator always periodically sends EAP-Request/Identity to the supplicant for requesting the identity it wants to be authenticated.

4.If the authenticator doesn’t send EAP-Request/Identity, the supplicant will initiate EAPOL-Start the process by sending to the authenticator.

5.And next, the Supplicant replies an EAP-Response/Identity to the authenticator. The authenticator will embed the user ID into Radius- Access-Request command and send it to the authentication server for confirming its identity.

6.After receiving the Radius-Access-Request, the authentication server sends Radius-Access-Challenge to the supplicant for asking for inputting user password via the authenticator PAE.

7.The supplicant will convert user password into the credential information, perhaps, in MD5 format and replies an EAP-Response with this credential information as well as the specified authentication algorithm (MD5 or OTP) to Authentication server via the authenticator PAE. As per the value of the type field in message PDU, the authentication server knows which algorithm should be applied to authenticate the credential information, EAP-MD5 (Message Digest 5) or EAP-OTP (One Time Password) or other else algorithm.

8.If user ID and password is correct, the authentication server will send a Radius-Access-Accept to the authenticator. If not correct, the authentication server will send a Radius-Access-Reject.

9.When the authenticator PAE receives a Radius-Access-Accept, it will send an EAP-Success to the supplicant. At this time, the supplicant is authorized and the port connected to the supplicant and under 802.1x control is in the authorized state. The supplicant and other devices connected to this port can access the network. If the authenticator receives a Radius-Access-Reject, it will send an EAP-Failure to the supplicant. This means the supplicant is failed to authenticate. The port it connected is in the unauthorized state, the supplicant and the devices connected to this port won’t be allowed to access the network.

66

Page 71 Page 73
Image 72
Page 71 Page 73
Contents KGS-2404 Page Release Table of Contents 100 06/28/2007 03/13/2007 02/10/2007 Federal Communications Commission FCC StatementAbout this user’s manual Overview of 24-Port GbE Web Smart Switch Key Features in the DeviceVlan Checklist FeaturesHardware ManagementPage View of 24-Port GbE Web Smart Switch User Interfaces on the Front Panel Button, LEDs and PlugsLED Indicators User Interfaces on the Rear PanelSystem LED 10/100/1000Ethernet TP Port 1 to 24 LEDView of the Optional Modules Front View of 1000Base-SX/LX LC, SFP Fiber TransceiverStarting 24-Port GbE Web Smart Switch Up Hardware and Cable InstallationConnecting the SFP Module to the Chassis TP Port and Cable Installation Power OnCabling Requirements Firmware LoadingCabling Requirements for TP Ports Cabling Requirements for 1000SX/LX SFP Module1000Base-X TP, Fiber 100Base-TX TP 100Base-FX Fiber Typical Network Topology in DeploymentNo Vlan Configuration Diagram Case 2b Port-based Vlan See -4 Page Managing 24-Port GbE Web Smart Switch through Ethernet Port Management through Ethernet PortLogin Screen for Web IP Address Assignment110 10000000.00000001.00000010.1 Prefix Length No. of IP matched No. of Addressable IP Page Typical Applications 10 Network Connection between Remote Site and Central Site11 Peer-to-peer Network Connection Basic Concept Management What’s the EthernetIEEE802.3 CSMA/CD MAC Snap STP BpduARP Media Access Control MAC SAP FormatPRE SFD FCSPage How does a MAC work? Bytes DTE Flow Control Page Bits How does a switch work? Collision Domain Page Page Virtual LAN Page CFI Tag FormatPage Page VID Link Aggregation 10 Example of Link Aggregation Application Operation of Web-based Management Web Management Home Overview Information of Page Layout Lacp Rstp SnmpSystem Configuration Function descriptionPage Page Port Configuration ON/OFFVlan Mode Configuration Port ConfigurationSelect Vlan Mode Vlan Group Configuration VIDAdd or Remove Vlan Member Page 10 Aggregation/Trunking Configuration Aggregation11 Lacp Port Configuration LacpRstp Rstp Port Configuration Page Page Page Port Mode Port Control Authentication Port Status Radius IP 16 802.1X Configuration 802.1x Parameters Igmp Snooping Vlan IDMirror Configuration 20 Mirror ports configurationQoSQuality of Service Configuration 21 QoS ConfigurationQoS Configuration Dscp Setting Filter Dhcp24 Filter Configuration 25 Rate Limit Configuration Rate Limit26 Storm Control Configuration Storm ControlPage Snmp Parameters description27 Snmp Configuration Monitoring Statistics Overview28 Statistics Overview for all ports Detailed Statistics Page 29 Detailed Statistics for each port Lacp Status 30 Lacp StatusRstp Status 31 Rstp Status Igmp Status Ping Status 32 Igmp Status33 Ping Maintenance Warm Restart 34 Warm RestartFactory Default Software Upgrade 36 Software UpgradeConfiguration File Transfer Function descriptionLogout Resolving No Link Condition Q&AAppendix a Technical Specifications ƒ Network Interface SFPƒ MAC Address and Self-learning 8K MAC address ƒ Cable and Maximum Lengthƒ Diagnostic LED ƒ Power RequirementAmbient Temperature DimensionsManagement Software Specifications PRIVATE-GESM-SW24L-MIB Definitions = Begin Imports From RFC1213-MIBFrom RFC1155-SMI OBJECT-TYPE
Top Page Image Contents