Asante Technologies 35160 user manual

Models: 35160


Note: The IC35160 802.1X implementation supports the following clients:

Windows XP (Microsoft)

Windows 2000 + SP4 (Microsoft)

The IC35160 802.1X implementation supports the following RADIUS servers:

Internet Authentication Service (Microsoft)

The IEEE 802.1X Supplicant (or client) is the network access device requesting LAN services. The Authenticator is the network access point that has authentication enabled, and can be a wireless access point or a LAN switch port. The Authentication server performs the authentication, permitting or denying access to the network based on the client’s user name and password. The 802.1X standard specifies a Remote Authentication Dial-In User Service (RADIUS) server that supports the following:

RFC 2284 PPP Extensible Authentication Protocol (EAP)

RFC 2865 Remote Authentication Dial-In User Service (RADIUS)

RFC 2869 RADIUS Extensions

Extensible Authentication Protocol (EAP) is the protocol that is used between the client and the authenticator. The 802.1X standard specifies encapsulation methods for transmitting EAP messages. Protocol Access Entity (PAE) is the 802.1X logical component of the client and authenticator that exchanges EAP messages.

Since 802.1X is a perimeter security technology, network administrators should continue to deploy existing security policies to control network traffic. Port-based access control will deny unauthorized network access, but it will not control network traffic from authorized users. This may be a concern for network administrators who want to secure network areas using existing methods such as VLANs, ACLs or MAC filtering where required.

Most 802.1X client implementations and some authenticator implementations use a reserved group MAC address to communicate. MAC bridges that are aware of such reserved group addresses will not propagate EAPOL packets sent to those addresses. In these cases, the client will always be unauthorized because the switch cannot receive EAP responses from it.
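When a client stays unauthorized, a packet capture taken on the client side of an intermediate bridge can confirm whether its EAPOL frames are addressed to the reserved group range. The following is an added example, not part of the Asante manual: the group address 01-80-C2-00-00-03 and EtherType 0x888E come from the IEEE 802.1X standard, the function names are hypothetical, and the sample frame is constructed.

```python
import struct

EAPOL_ETHERTYPE = 0x888E
# IEEE 802.1D reserved block 01-80-C2-00-00-00..0F: compliant bridges do not forward it.
RESERVED_PREFIX = bytes.fromhex("0180c20000")
EAPOL_TYPES = {0: "EAP-Packet", 1: "EAPOL-Start", 2: "EAPOL-Logoff", 3: "EAPOL-Key"}
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}


def is_bridge_filtered(dst: bytes) -> bool:
    """True if a standards-compliant MAC bridge would drop a frame sent to dst."""
    return dst[:5] == RESERVED_PREFIX and dst[5] <= 0x0F


def parse_eapol(frame: bytes):
    """Describe an untagged Ethernet frame carrying EAPOL; None if not EAPOL or truncated."""
    if len(frame) < 18:
        return None
    dst, src = frame[:6], frame[6:12]
    if struct.unpack("!H", frame[12:14])[0] != EAPOL_ETHERTYPE:
        return None
    _version, ptype, body_len = struct.unpack("!BBH", frame[14:18])
    body = frame[18:18 + body_len]
    if len(body) < body_len:
        return None  # EAPOL length field claims more bytes than were captured
    info = {"dst": dst.hex(":"), "src": src.hex(":"),
            "eapol_type": EAPOL_TYPES.get(ptype, f"unknown({ptype})"),
            "bridge_filtered": is_bridge_filtered(dst), "eap": None}
    if ptype == 0 and body_len >= 4:
        code, ident, eap_len = struct.unpack("!BBH", body[:4])
        # Only Request/Response packets carry an EAP Type octet (1 = Identity).
        eap_type = body[4] if code in (1, 2) and eap_len >= 5 and len(body) >= 5 else None
        info["eap"] = {"code": EAP_CODES.get(code, code), "id": ident, "type": eap_type}
    return info


# Constructed sample: EAP-Response/Identity ("alice") sent to the PAE group address.
SAMPLE = (bytes.fromhex("0180c2000003") + bytes.fromhex("020000000001")
          + struct.pack("!H", EAPOL_ETHERTYPE)
          + struct.pack("!BBH", 1, 0, 10)            # EAPOL v1, EAP-Packet, 10-byte body
          + struct.pack("!BBHB", 2, 1, 10, 1) + b"alice")

if __name__ == "__main__":
    result = parse_eapol(SAMPLE)
    print(result)
    if result and result["bridge_filtered"]:
        print("Destination is a reserved group address; a bridge in the path will drop it.")
```

If `bridge_filtered` is true for the client's responses and another bridge sits between the client and the authenticator port, the responses never reach the switch.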

The switch port through which the authenticator (the IC35160) communicates with the RADIUS server should be set to “Force Authenticated” or “No 802.1X”. Otherwise the authenticator cannot get a RADIUS response and all clients will be unauthorized.

From the Security Menu, type x to access the 802.1X Configuration Menu.
