Chapter 18 Port Authentication
credentials, the Switch sends an authentication request to a RADIUS server. The RADIUS server validates whether this client is allowed access to the port.
Figure 78 IEEE 802.1x Authentication Process
1 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
|
|
|
| New Connection |
|
| 2 |
|
|
|
|
|
|
|
|
| |||
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |||||
|
|
|
| Identity Request |
|
|
|
|
|
|
|
|
|
| |||||
3 |
|
|
|
|
|
|
|
|
|
| 4 |
|
|
|
|
|
| ||
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| ||
|
|
|
| Login Credentials |
|
|
|
|
|
|
|
|
|
|
|
| |||
|
|
|
|
|
|
|
|
|
| 6 |
|
| Authentication Request |
|
| 5 | |||
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| ||
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| Access Challenge |
| |||
|
|
|
| Challenge Request |
|
|
|
|
|
| |||||||||
|
|
|
|
|
|
|
|
|
|
|
|
|
| ||||||
7 |
|
|
|
|
|
|
|
|
|
| 8 |
|
|
|
|
|
| ||
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
|
|
|
| Challenge Response |
|
|
|
|
|
|
|
|
|
|
|
| |||
|
|
|
|
|
|
|
|
| Access Request |
| |||||||||
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| ||||
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 9 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| Authentication Reply |
| |||
|
|
|
| Session Granted/Denied |
| ||||||||||||||
18.1.2 MAC Authentication
MAC authentication works in a very similar way to IEEE 802.1x authentication. The main difference is that the Switch does not prompt the client for login credentials. The login credentials are based on the source MAC address of the
188 |
| |
| ||
|
|
|