Enhancements in Release F.05.05 through F.05.70

Enhancements in Release F.05.05 through F.05.60

iv.If the client is successfully authenticated and authorized to connect to the network, then the server notifies the switch to allow access to the client. Otherwise, access is denied and the port remains blocked.

If 802.1X (port-access) on the switch is configured for local authentication, then:

i.The switch compares the client’s credentials with the username and password config- ured in the switch (Operator or Manager level).

ii.If the client is successfully authenticated and authorized to connect to the network, then the switch allows access to the client. Otherwise, access is denied and the port remains blocked.

Switch-Port Supplicant Operation

This operation provides security on links between 802.1X-aware switches. For example, suppose that you want to connect two switches, where:

Switch “A” has port 1 configured for 802.1X supplicant operation.You want to connect port 1 on switch “A” to port 5 on switch “B”.

Switch “B”

Port 5

Port 1

Switch “A”

Port 1 Configured as an

802.1X Supplicant

LAN Core

RADIUS Server

Figure 11. Example of Supplicant Operation

1.When port 1 on switch “A” is first connected to a port on switch “B”, or if the ports are already connected and either switch reboots, port 1 begins sending start packets to port 5 on switch “B”.

If, after the supplicant port sends the configured number of start packets, it does not receive a response, it assumes that switch “B” is not 802.1X-aware, and transitions to the authenticated state. If switch “B” is operating properly and is not 802.1X-aware, then the link should begin functioning normally, but without 802.1X security.

If, after sending one or more start packets, port 1 receives a request packet from port 5, then switch “B” is operating as an 802.1X authenticator. The supplicant port then sends a response/ID packet. Switch “B” forwards this request to a RADIUS server.

32