M A G N U M 6 K S W I T C H E S , M N S - 6 K U S E R G U I D E
received from the supplicant to a suitable authentication server. This allows the
verification of user credentials to determine the consequent port authorization state. It is
important to note that the authenticator’s functionality is independent of the actual
authentication method. It effectively acts as a pass-through for the authentication
exchange.
F
IGURE
68
–
802.1x network components
Supplicant
Authenticator
Authentication
Server (RADIUS)
802.1x
Switch
Supplicant
Authenticator
Authentication
Server (RADIUS)
802.1x
Switch
The RADIUS server is the authentication server. The authentication server provides a
standard way of providing Authentication, Authorization, and Accounting services to a
network. Extensible Authentication Protocol (EAP) is an authentication framework which
supports multiple authentication methods. EAP typically runs directly over data link
layers such as PPP or IEEE 802, without requiring IP. EAP over LAN (EAPOL)
encapsulates EAP packets onto 802 frames with a few extensions to handle 802
characteristics. EAP over RADIUS encapsulates EAP packets onto RADIUS packets for
relaying to RADIUS authentication servers.
The details of the 802.1x authentication are shown below
107