UMN:CLI

User Manual

 

SURPASS hiD 6615 S223/S323 R1.5

 

 

 

4.5 802.1x Authentication

To enhance the security and portability of network management, there are two ways of authentication, MAC address-based authentication and port-based authentication, which restrict clients attempting to access a port. Port-based authentication (802.1x) leaves the decision to grant access to a RADIUS server, which holds the information about the user who is trying to gain access.

802.1x authentication adopts the EAP (Extensible Authentication Protocol) structure. EAP methods include EAP-MD5 (Message Digest 5), EAP-TLS (Transport Layer Security), EAP-SRP (Secure Remote Password) and EAP-TTLS (Tunneled TLS); the hiD 6615 S223/S323 supports EAP-MD5 and EAP-TLS. EAP-MD5 is one-way authentication based on the password, in which the user accesses with an ID and password. EAP-TLS uses mutual authentication, combining server authentication and personal authentication, and this mutual authentication makes it possible to guarantee high security.

When a user requests authentication, the user's PC sends an EAPOL-Start packet to the authenticator, and the authenticator in turn requests the user's identity. After receiving the identity response, the authenticator asks the RADIUS server to approve access, and the user is authenticated by checking the access against the user's information.

The following figure explains the process of 802.1x authentication.

[Figure: message sequence between the Supplicant, the Authenticator and the Authentication Server (RADIUS server).
Supplicant and Authenticator, EAPOL (EAP over LAN): EAPOL-Start, EAP-Request / Identity, EAP-Response / Identity, EAP-Request, EAP-Response, EAP-Success.
Authenticator and Authentication Server, EAP over RADIUS: RADIUS-Access-Request, RADIUS-Access-Challenge, RADIUS-Access-Request, RADIUS-Access-Accept.]

Fig. 4.1 Process of 802.1x Authentication
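
The supplicant-side exchange described above, as an added Python example that is not part of the original manual or the switch software: it labels each EAPOL payload of an EAP-MD5 session and shows the password check the authentication server performs. The frames, the identity "alice", the password and the challenge are constructed sample values, and the RADIUS leg is left out.

```python
import hashlib, hmac, struct

EAPOL_TYPES = {1: "EAPOL-Start", 2: "EAPOL-Logoff"}
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 4: "MD5-Challenge", 13: "EAP-TLS"}

def eap(code, ident, eap_type=None, data=b""):
    """Build an EAP packet; Success/Failure carry no type field."""
    body = b"" if eap_type is None else bytes([eap_type]) + data
    return struct.pack("!BBH", code, ident, 4 + len(body)) + body

def eapol(pkt_type, body=b""):
    """Prepend the 4-byte EAPOL header: version, packet type, body length."""
    return struct.pack("!BBH", 1, pkt_type, len(body)) + body

def describe(frame):
    """Name one EAPOL payload (the bytes that follow EtherType 0x888E)."""
    if len(frame) < 4:
        raise ValueError("truncated EAPOL header")
    _ver, pkt_type, length = struct.unpack("!BBH", frame[:4])
    body = frame[4:4 + length]
    if pkt_type != 0:  # 0 = EAP-Packet, anything else is EAPOL control
        return EAPOL_TYPES.get(pkt_type, f"EAPOL-type-{pkt_type}")
    if len(body) != length or length < 4:
        raise ValueError("truncated EAP packet")
    code, _ident, eap_len = struct.unpack("!BBH", body[:4])
    name = "EAP-" + EAP_CODES.get(code, f"code-{code}")
    if code in (1, 2) and 4 < eap_len <= length:
        name += " / " + EAP_TYPES.get(body[4], f"type-{body[4]}")
    return name

def md5_value(ident, password, challenge):
    """EAP-MD5 response value: MD5(identifier || password || challenge)."""
    return hashlib.md5(bytes([ident]) + password + challenge).digest()

def server_accepts(frame, password, challenge):
    """Authentication-server check of an EAP-Response / MD5-Challenge."""
    ident, size = frame[5], frame[9]  # EAP identifier, value-size octet
    return hmac.compare_digest(frame[10:10 + size], md5_value(ident, password, challenge))

PASSWORD, CHALLENGE = b"example-password", bytes(range(16))  # constructed values
EXCHANGE = [  # constructed sample exchange, in the order of Fig. 4.1
    eapol(1),
    eapol(0, eap(1, 1, 1)),
    eapol(0, eap(2, 1, 1, b"alice")),
    eapol(0, eap(1, 2, 4, b"\x10" + CHALLENGE)),
    eapol(0, eap(2, 2, 4, b"\x10" + md5_value(2, PASSWORD, CHALLENGE))),
    eapol(0, eap(3, 2)),
]
```

Only the supplicant proves knowledge of the password in this exchange, which is the one-way property of EAP-MD5; nothing in it lets the supplicant verify the server, as EAP-TLS does.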

To enable 802.1x authentication on port of the hiD 6615 S223/S323, you should be able to perform the following tasks.


A50010-Y3-C150-2-7619
