D-Link DES-3250TG Standalone Layer 2 Switch
Figure 7- 57. The EAPOL Packet
Utilizing this method, unauthorized devices are restricted from connecting to a LAN through a port to which the user is connected. EAPOL packets are the only traffic that can be transmitted through the specific port until authorization is granted. The 802.1x Access Control method holds three roles, each of which are vital to creating and up keeping a stable and working Access Control security method.
Figure 7- 58. The three roles of 802.1x
The following section will explain the three roles of Client, Authenticator and Authentication Server in greater detail.
Authentication Server
The Authentication Server is a remote device that is connected to the same network as the Client and Authenticator (however, the Authentication Server can be on a different subnet). Regardless, the Authentication Server must be running a RADIUS Server program, and must be configured properly on the Authenticator Switch. Clients connected to a port on the Switch must be authenticated by the Authentication Server (RADIUS) before attaining any services offered by the Switch on the LAN. The role of the Authentication Server is to certify the identity of the Client attempting to access the network by exchanging secure information between the RADIUS server and the Client through EAPOL packets and, in turn, informs the Switch whether or not the Client is granted access to the LAN and/or switches services.
98