IronShield White Paper




White Paper: 802.1X Port Authentication with Microsoft Active Directory
 

 

802.1X Port Authentication Basics 

Foundry’s implementation of 802.1X Port Authentication is based on a series of standards: 

 

•  RFC 2284 PPP Extensible Authentication Protocol (EAP)
•  RFC 2865 Remote Authentication Dial In User Service (RADIUS)
•  RFC 2869 RADIUS Extensions

 

 

There are three components that are used to create an authentication mechanism based on 802.1X standards: Client/Supplicant, Authenticator, Authentication Server.

 

Client/Supplicant

The client, or supplicant, is the device that needs authenticating to the network. It supplies the username and password information to the Authenticator. The client uses the Extensible Authentication Protocol (EAP) to talk to the Authenticator.

 

Authenticator

The Authenticator is the Foundry device performing the 802.1X port security, and it controls access to the network. The Authenticator receives the username and password information from the client, passes it on to the Authentication Server, and performs the necessary block or permit action based on the results from the Authentication Server. The Authenticator uses RADIUS to speak to the Authentication Server.

 

Authentication Server

The Authentication Server validates the username and password information from the Client and specifies whether or not access is granted. The Authentication Server may also specify optional parameters to control things such as VLAN access. Foundry’s 802.1X implementation currently supports standard RADIUS Authentication Servers.

 

 



802.1X Clients use the Extensible Authentication Protocol (EAP) and EAP Over LAN (EAPOL) to securely encapsulate the communications between the Client and Authenticator. The Authenticator uses RADIUS to communicate with the Authentication Server.

 

Before the Client is authenticated, the network port is set to the uncontrolled (unauthorized) state and only allows EAPOL authentication traffic between the Client and the Authentication Server. All other normal data traffic is blocked. When the client authentication is complete and access is granted, the controlled port is set to the authorized state to grant full network access.

 

Figure 1.  Port Authentication Process 
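The port behaviour described above can be modelled in a few lines. This is an added example, not code from the white paper or from Foundry: it parses an EAPOL frame (EtherType 0x888E, EAP codes per RFC 2284) and admits non-EAPOL traffic only after the server's result authorizes the port. The class `AuthenticatorPort`, the helper `build_frame` and the sample frames are hypothetical and constructed for illustration.

```python
import struct

EAPOL_ETHERTYPE = 0x888E  # EtherType carried by EAPOL frames
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}  # RFC 2284
EAPOL_TYPES = {0: "EAP-Packet", 1: "EAPOL-Start", 2: "EAPOL-Logoff"}

def parse_eapol(frame: bytes):
    """Return (eapol_type, eap_code, identity) for an EAPOL frame, else None."""
    if len(frame) < 18:  # 14-byte Ethernet header + 4-byte EAPOL header
        return None
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != EAPOL_ETHERTYPE:
        return None
    _version, ptype, body_len = struct.unpack("!BBH", frame[14:18])
    body = frame[18:18 + body_len]
    if ptype != 0 or len(body) < 4:
        return (EAPOL_TYPES.get(ptype, "other"), None, None)
    code, _ident, eap_len = struct.unpack("!BBH", body[:4])
    identity = None
    # Request/Response packets carry a type byte; type 1 is Identity.
    if code in (1, 2) and 5 <= eap_len <= len(body) and body[4] == 1:
        identity = body[5:eap_len].decode("ascii", "replace")
    return ("EAP-Packet", EAP_CODES.get(code, "unknown"), identity)

class AuthenticatorPort:
    """Hypothetical model of one switch port acting as Authenticator."""
    def __init__(self):
        self.authorized = False  # ports start unauthorized

    def radius_result(self, access_accept: bool):
        # The Authentication Server's answer decides the port state.
        self.authorized = access_accept

    def admit(self, frame: bytes) -> bool:
        # EAPOL is always allowed so authentication can happen;
        # any other traffic passes only once the port is authorized.
        return parse_eapol(frame) is not None or self.authorized

def build_frame(ethertype: int, payload: bytes) -> bytes:
    # Constructed header: PAE group destination MAC, made-up source MAC.
    return bytes.fromhex("0180c2000003020000000001") + struct.pack("!H", ethertype) + payload

# Constructed sample input: an EAP-Response/Identity for user "alice" and an IPv4 frame.
EAP_RESP_ID = struct.pack("!BBHB", 2, 1, 5 + len(b"alice"), 1) + b"alice"
EAPOL_RESP = build_frame(EAPOL_ETHERTYPE, struct.pack("!BBH", 1, 0, len(EAP_RESP_ID)) + EAP_RESP_ID)
IPV4_DATA = build_frame(0x0800, b"\x45" + b"\x00" * 19)
```

The length checks in `parse_eapol` matter because the frame arrives from an unauthenticated client: a declared EAP length larger than the received body yields no identity rather than an out-of-range read.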



March 2003. Version 1.0.0. ©2003 Foundry Networks, Inc. All Rights Reserved.


