MS888G2 User Manual
80
Alloy Computer Products Pty Ltd Copyright ©2006
In the Fig. 3-46, this is the typical configuration, a single supplicant, an authenticator and an
authentication server. B and C are on the internal network, D is the Authentication server running
RADIUS, the switch at the central location acts as the Authenticator connecting to PC A and A is
a PC outside the controlled port, running Supplicant PAE. In this case, PC A wants to access the
services on device B and C, first, it must exchange the authentication message with the
authenticator on the port it is connected via EAPOL packet. The authenticator transfers the
supplicant’s credentials to the Authentication server for verification. If successful, the
authentication server will tell the authenticator to grant access. PC A is then allowed to access B
and C via the switch. If there are two switches directly connected together the link connecting the
two switches, may have to act as two port roles at the end of the link: authenticator and
supplicant, because the traffic is bi-directional.
Only MultiHost 802.1X authentication is supported in the MS888G2. In this mode devices
connected to an 802.1x enabled port, can access network resources once the supplicant has
been authenticated.
B
C
Authentication server
Authenticator
Fig. 3-46
A