User Manual - Page 179

For T1500G-10MPS. This document also applies to other TP-Link models: T1500G-8T (TL-SG2008), T1500G-10PS (TL-SG2210P)

The IEEE 802.1X authentication system uses EAP (Extensible Authentication Protocol) to exchange
information between the supplicant system and the authentication server.
1. EAP protocol packets transmitted between the supplicant system and the
authenticator system are encapsulated as EAPOL packets.
2. EAP protocol packets transmitted between the authenticator system and the RADIUS
server can either be encapsulated as EAPOR (EAP over RADIUS) packets or be
terminated at the authenticator system, which then communicates
with the RADIUS server through PAP (Password Authentication Protocol) or CHAP
(Challenge Handshake Authentication Protocol) protocol packets.
3. When a supplicant system passes authentication, the authentication server passes
the information about the supplicant system to the authenticator system. The
authenticator system in turn determines the state (authorized or unauthorized) of the
controlled port according to the instructions (accept or reject) received from the
RADIUS server.
802.1X Authentication Procedure
An 802.1X authentication can be initiated by the supplicant system or the authenticator system. When
the authenticator system detects an unauthenticated supplicant in the LAN, it initiates the
802.1X authentication by sending EAP-Request/Identity packets to the supplicant. The
supplicant system can also launch an 802.1X client program to initiate an 802.1X
authentication by sending an EAPOL-Start packet to the switch.
This TP-Link switch can authenticate supplicant systems in EAP relay mode or EAP terminating
mode. The following description of the two modes uses an 802.1X authentication
procedure initiated by the supplicant system as the example.
1. EAP Relay Mode
This mode is defined in 802.1X. In this mode, EAP packets are encapsulated in higher-level
protocol (such as EAPOR) packets so that they can reach the authentication server.
This mode normally requires the RADIUS server to support the two fields of EAP: the
EAP-Message field and the Message-Authenticator field. This switch supports the EAP-MD5,
EAP-TLS, EAP-TTLS and EAP-PEAP authentication methods in EAP relay mode. The following
figure describes the basic EAP-MD5 authentication procedure.
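The EAPOR encapsulation used in relay mode, as an added example that is not from the TP-Link manual or the switch firmware: it wraps an EAP-Response/Identity in a RADIUS Access-Request using the EAP-Message (type 79) and Message-Authenticator (type 80) attributes as specified in RFC 3579, then parses the packet and verifies the HMAC-MD5. The function names are hypothetical and the caller supplies the user name and shared secret.

```python
import hashlib
import hmac
import os
import struct

# RADIUS attribute types and Access-Request code; helper names below are hypothetical.
USER_NAME, EAP_MESSAGE, MESSAGE_AUTHENTICATOR, ACCESS_REQUEST = 1, 79, 80, 1

def attr(attr_type, value):
    """Encode one RADIUS attribute (type, length, value); value is at most 253 bytes."""
    return struct.pack("!BB", attr_type, len(value) + 2) + value

def eap_identity_response(identifier, identity):
    """EAP-Response/Identity: code 2, identifier, total length, type 1, identity."""
    return struct.pack("!BBHB", 2, identifier, 5 + len(identity), 1) + identity

def build_access_request(radius_id, eap_packet, user, secret, authenticator=None):
    """Wrap an EAP packet in an Access-Request, as a relay-mode authenticator does."""
    authenticator = authenticator or os.urandom(16)
    attrs = attr(USER_NAME, user)
    # EAP packets longer than 253 bytes are split across consecutive EAP-Message attributes.
    for i in range(0, len(eap_packet), 253):
        attrs += attr(EAP_MESSAGE, eap_packet[i:i + 253])
    # Message-Authenticator is inserted zeroed, then set to HMAC-MD5 over the whole packet.
    mac_offset = 20 + len(attrs) + 2
    attrs += attr(MESSAGE_AUTHENTICATOR, bytes(16))
    packet = struct.pack("!BBH", ACCESS_REQUEST, radius_id, 20 + len(attrs)) + authenticator + attrs
    mac = hmac.new(secret, packet, hashlib.md5).digest()
    return packet[:mac_offset] + mac + packet[mac_offset + 16:]

def parse_and_verify(packet, secret):
    """Return (valid, reassembled EAP packet); valid is False if the MAC is absent or wrong."""
    length = struct.unpack("!H", packet[2:4])[0] if len(packet) >= 20 else 0
    if not 20 <= length <= len(packet):
        return False, b""
    pos, eap, valid = 20, b"", False
    while pos + 2 <= length:
        a_type, a_len = packet[pos], packet[pos + 1]
        if a_len < 2 or pos + a_len > length:
            return False, b""  # malformed attribute
        value = packet[pos + 2:pos + a_len]
        if a_type == EAP_MESSAGE:
            eap += value  # fragments are concatenated in order
        elif a_type == MESSAGE_AUTHENTICATOR and a_len == 18:
            zeroed = packet[:pos + 2] + bytes(16) + packet[pos + 18:length]
            valid = hmac.compare_digest(value, hmac.new(secret, zeroed, hashlib.md5).digest())
        pos += a_len
    return valid, eap
```

Because `valid` starts as False, a packet that carries EAP-Message but no Message-Authenticator is reported as unverified rather than accepted.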