6

Patch Release Note

7.When the supplicant sends an EAPOL-Logoff message to the authenticator the port under 802.1x control is set to unauthorised.

A successful authentication message exchange, initiated and ended by a supplicant using OTP authentication, is shown in below.

To minimise the risk of denial-of-service attacks by issuing EAPOL-Logoff messages to an Authenticator Port Access Entity (PAE) from a third party device, we recommend that 802.1x not be used in a shared media LAN.

Figure 1: Authentication Messaging Exchange Initiated by the Supplicant.

Supplicant PAE

 

Authenticator PAE

 

Authenticator Server

 

 

 

 

 

 

 

Port Unauthorised

 

 

EAPOL-Start

EAP-Request/Identity

EAP-Response/Identity

EAP-Request/OTP

EAP-Response/OTP

EAP-Success

Port Authorised

EAPOL-Logoff

 

Port Unauthorised

 

Exchange of EAPOL frames

 

 

Exchange of EAP frames carried

 

by RADIUS

8021X5

Availability

Patches can be downloaded from the Software Updates area of the Allied Telesyn web site at www.alliedtelesyn.co.nz/support/updates/patches.html. A licence or password is not required to use a patch.

Patch sr264-03 for Software Release 2.6.4 C613-10407-00 REV C

Page 5
Page 6
Image 6
Allied Telesis sr264-03 manual Availability
Page 5
Top Page Image Contents