Allied Telesis sr264-03 manual Availability

Page 6

6

Patch Release Note

7.When the supplicant sends an EAPOL-Logoff message to the authenticator the port under 802.1x control is set to unauthorised.

A successful authentication message exchange, initiated and ended by a supplicant using OTP authentication, is shown in below.

To minimise the risk of denial-of-service attacks by issuing EAPOL-Logoff messages to an Authenticator Port Access Entity (PAE) from a third party device, we recommend that 802.1x not be used in a shared media LAN.

Figure 1: Authentication Messaging Exchange Initiated by the Supplicant.

Supplicant PAE

 

Authenticator PAE

 

Authenticator Server

 

 

 

 

 

 

 

Port Unauthorised

 

 

EAPOL-Start

EAP-Request/Identity

EAP-Response/Identity

EAP-Request/OTP

EAP-Response/OTP

EAP-Success

Port Authorised

EAPOL-Logoff

 

Port Unauthorised

 

Exchange of EAPOL frames

 

 

Exchange of EAP frames carried

 

by RADIUS

8021X5

Availability

Patches can be downloaded from the Software Updates area of the Allied Telesyn web site at www.alliedtelesyn.co.nz/support/updates/patches.html. A licence or password is not required to use a patch.

Patch sr264-03 for Software Release 2.6.4 C613-10407-00 REV C

Image 6
Contents Patch sr264-03 For AT-8600 series switches IntroductionPCR Module Vrrp Level Features in sr264-03PCR Module IPG Level PCR Module SW56 LevelPCR Module IPG, Vrrp Level PCR Module Ospf LevelPCR Module Classifier Level PCR 40446 Module Dhcp LevelPCR 40374 Module PORTAUTH, User Features in sr264-02PCR Module Switch Level PCR 40414 Module TM, Core LevelAuthentication Server Steps in the Authentication ProcessAvailability