Draytek P2260 - page 85

According to IEEE802.1X, there are three components implemented. They are

An entity facilitates the authentication of the supplicant entity. It controls the state of the

port, authorized or unauthorized, according to the result of authentication message

exchanged between it and a supplicant PAE. The authenticator may request the supplicant

to re-authenticate itself at a configured time period. Once start re-authenticating the

supplicant, the controlled port keeps in the authorized state until re-authentication fails.

A port acting as an authenticator is thought to be two logical ports, a controlled port and an

uncontrolled port. A controlled port can only pass the packets when the authenticator PAE

with PAE group MAC address, which has the value of 01-80-c2-00-00-03 and will not be

issues a request to Authenticator PAE, Authenticator and Supplicant exchanges

authentication message. Then, Authenticator passes the request to RADIUS server to verify.

Finally, RADIUS server replies if the request is granted or denied.

While in the authentication process, the message packets, encapsulated by Extensible

Authentication Protocol over LAN (EAPOL), are exchanged between an authenticator PAE

and a supplicant PAE. The Authenticator exchanges the message to authentication server

using EAP encapsulation. Before successfully authenticating, the supplicant can only touch