Intel IXM5414E manual Radius authentication, Secure Shell SSH, Local authentication

A controlled port is configured by management to be in one of three states:

ForceUnauthorized

The port is set to the unauthorized state.

ForceAuthorized

The port is set to the authorized state.

Local authentication

Local authentication matches a user ID/password combination received from the supplicant to the switch module’s local database. The switch module will transmit an EAP-Request/Identity packet to the supplicant to obtain the combination, and if a match is found will then send an EAP- Request/MD5 packet to the supplicant. The supplicant’s MD5 response is sent to the authenticator for validation. A match results in a successful authentication of the port.

/NOTE

The switch module’s Authenticator supports only the EAP-MD5 authentication type for local authentication.

RADIUS authentication

When Remote Authentication Dial-In User Service (RADIUS) authentication is used, the authenticator basically becomes a pass through to facilitate communication between the supplicant and the RADIUS server. The authenticator encapsulates the EAP messages exchanged between the supplicant and the server in either EAPoL or RADIUS frames (depending on the direction of the frame). The authenticator determines the authorization status of the port based on RADIUS Access- Accept or Access-Reject frames. The authenticator switch also needs to send and process all appropriate RADIUS attributes.

Secure Shell (SSH)

Interactive login is widely used as a means to control and/or configure an entity across a network. For decades the Telnet protocol, and its cousin rlogin, have provided this capability. However, these protocols permit the transmission of sensitive information over unprotected networks. The current standard for providing interactive login in a secure fashion is the Secure SHell (SSH).

Table 2. Secure Shell Feature Details