Siemens S323, S223 user manual 802.1x Authentication, EAP over LAN EAP over Radius

4.5802.1x Authentication

To enhance security and portability of network management, there are two ways of au- thentication based on MAC address and port-based authentication which restrict clients attempting to access to port. The port-based authentication (802.1x) decides to give ac- cess to RADIUS server having the information about user who tries to access.

802.1x authentication adopts EAP (Extensible Authentication Protocol) structure. In EAP system, there are EAP-MD5 (Message Digest 5), EAP-TLS (Transport Level Security), EAP-SRP (Secure Remote Password), EAP-TTLS(Tunneled TLS) and the hiD 6615 S223/S323 supports EAP-MD5 and EAP-TLS. Accessing with user’s ID and password, EAP-MD5 is one-way Authentication based on the password. EAP-TLS accesses through the mutual authentication system of server authentication and personal authentication and it is possible to guarantee high security because of mutual authentication system.

At a request of user Authentication, from user’s PC EAPOL-Start type of packets are transmitted to authenticator and authenticator again requests identification. After getting respond about identification, request to approve access to RADIUS server and be au- thenticated by checking access through user’s information.

The following figure explains the process of 802.1x authentication.

Fig. 4.1 Process of 802.1x Authentication

To enable 802.1x authentication on port of the hiD 6615 S223/S323, you should be able to perform the following tasks.