CHAPTER 7: ACCESS USING RADIUS

ACCESS USING RADIUS

10.If the supplicant does not have the necessary credentials, a RADIUS-Access- Deny packet is relayed to the supplicant as an EAP-Failure frame. The access to the network continues to be blocked.

FIGURE 7–2: 802.1x authentication details

The ML1200 software implements the 802.1x authenticator. It fully conforms to the standards as described in IEEE 802.1x, implementing all the state machines needed for port-based authentication. The ML1200 software authenticator supports both EAPOL and EAP over RADIUS to communicate to a standard 802.1x supplicant and RADIUS authentication server.

The ML1200 software authenticator has the following characteristics:

Allows control on ports using STP-based hardware functions. EAPOL frames are Spanning Tree Protocol (STP) link Bridge PDUs (BPDU) with its own bridge multicast address.

Relays MD5 challenge (although not limited to) authentication protocol to RADIUS server

Limits the authentication of a single host per port

The MultiLink ML1200 Managed Field Switch provides the IEEE 802.1x MIB for SNMP management

MULTILINK ML1200 MANAGED FIELD SWITCH – INSTRUCTION MANUAL

7–3

Page 127
Image 127
GE ML1200 instruction manual 802.1x authentication details