POEGEM12T2SFP User Manual 94 Alloy Computer Products Pty Ltd Copyright ©2006
3-16. 802.1x Configuration
802.1x port-based network access control restricts access to network resources by
authenticating the user's information. A user cannot gain access to network resources
through an 802.1x-enabled port without authentication. Any user wishing to access the
network through a port under 802.1x control must first input their account name for
authentication and then wait for the authorisation to complete before sending or
receiving any data through the 802.1x-enabled port.
Before a device or end station can access network resources through a port under
802.1x control, it sends an authentication request to the authenticator. The
authenticator passes the request to the authentication server, which verifies the
username and password and then tells the authenticator whether access has been
granted for that port.
IEEE 802.1x defines three components: the Authenticator, the Supplicant and the
Authentication server.
Supplicant:
The entity being authenticated by an authenticator. It communicates with the
Authenticator PAE (Port Access Entity) by exchanging authentication messages
when the Authenticator PAE requests it.
Authenticator:
The Authenticator controls the state of the port, authorised or unauthorised,
according to the result of the authentication messages exchanged between it and
a supplicant PAE. The authenticator may request the supplicant to
re-authenticate itself at a configured time period. Once re-authentication of the
supplicant starts, the controlled port stays in the authorised state until
re-authentication fails.
A port acting as an authenticator is treated as two logical ports, a controlled
port and an uncontrolled port. The controlled port can only pass packets when the
authenticator PAE is authorised. The uncontrolled port, by contrast, unconditionally
passes packets addressed to the PAE group MAC address, which has a value of
01-80-c2-00-00-03, at any time; these packets are not forwarded by the MAC bridge.
Authentication server:
A device that provides the authentication service, through EAP, to an
authenticator by using authentication credentials supplied by the supplicant to
determine if the supplicant is authorised to access the network resource.
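
The controlled/uncontrolled port split described above can be shown as a small model. This is an added example, not code from the manual or the switch firmware: the class and helper names are hypothetical, the sample frames are constructed, and it covers only EAPOL sent to the PAE group address, using the standard EAPOL EtherType 0x888E.

```python
import struct

PAE_GROUP_MAC = bytes.fromhex("0180c2000003")  # 01-80-c2-00-00-03, from the manual
ETHERTYPE_EAPOL = 0x888E                       # EtherType used by EAPOL
EAPOL_TYPES = {0: "EAP-Packet", 1: "EAPOL-Start", 2: "EAPOL-Logoff", 3: "EAPOL-Key"}


class AuthenticatorPort:
    """Toy model of one 802.1x-enabled port (hypothetical, not switch firmware)."""

    def __init__(self):
        self.authorised = False  # controlled port starts unauthorised

    def auth_result(self, success):
        # Outcome of authentication or re-authentication. While a
        # re-authentication is in progress the state is left unchanged,
        # so an authorised port keeps passing traffic until it fails.
        self.authorised = success

    def handle(self, frame):
        if len(frame) < 14:
            return ("drop", "runt frame")
        dst = frame[0:6]
        (ethertype,) = struct.unpack("!H", frame[12:14])
        if dst == PAE_GROUP_MAC:
            # Uncontrolled port: handed to the local PAE, never bridged.
            if ethertype != ETHERTYPE_EAPOL or len(frame) < 18:
                return ("drop", "not EAPOL; group address is never forwarded")
            _version, ptype, _length = struct.unpack("!BBH", frame[14:18])
            return ("to_pae", EAPOL_TYPES.get(ptype, "unknown"))
        # Controlled port: everything else depends on the authorisation state.
        if self.authorised:
            return ("forward", "port authorised")
        return ("drop", "port unauthorised")


def eth(dst, ethertype, payload, src="02aabbccdd01"):
    """Build a constructed sample frame (addresses are made up)."""
    return bytes.fromhex(dst) + bytes.fromhex(src) + struct.pack("!H", ethertype) + payload


EAPOL_START = eth("0180c2000003", ETHERTYPE_EAPOL, struct.pack("!BBH", 1, 1, 0))
DATA_FRAME = eth("02aabbccdd99", 0x0800, b"\x45" + b"\x00" * 19)

if __name__ == "__main__":
    port = AuthenticatorPort()
    print(port.handle(DATA_FRAME))    # data before authentication
    print(port.handle(EAPOL_START))   # EAPOL reaches the PAE regardless of state
    port.auth_result(True)
    print(port.handle(DATA_FRAME))    # data after successful authentication
```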