Dell MX5108n OS10 Enterprise Edition User Guide for PowerEdge MX IO Modules Re - Page 160
Port authentication
View all Dell MX5108n manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 160 highlights
NOTE: OS10 supports only RADIUS as the back-end authentication server. The authentication process involves three devices: • Supplicant - The device attempting to access the network performs the role of supplicant. Regular traffic from this device does not reach the network until the port associated to the device is authorized. Prior to that, the supplicant can only exchange 802.1x messages (EAPOL frames) with the authenticator. • Authenticator - The authenticator is the gate keeper of the network, translating and forwarding requests and responses between the authentication server and the supplicant. The authenticator also changes the status of the port based on the results of the authentication process. The authenticator is executed on the Dell device. • Authentication-server - The authentication-server selects the authentication method, verifies the information the supplicant provides, and grants network access privileges. Port authentication The process begins when the authenticator senses a link status change from down to up: 1 The authenticator requests that the supplicant identify itself using an EAP Request Identity frame. 2 The supplicant responds with its identity in an EAP Response Identity frame. 3 The authenticator decapsulates the EAP response from the EAPOL frame, encapsulates it in a RADIUS Access Request frame, and forwards the frame to the authentication server. 4 The authentication server replies with an Access Challenge frame who requests that the supplicant verifies its identity using an EAP- Method. The authenticator translates and forwards the challenge to the supplicant. 5 The supplicant negotiates the authentication method and the supplicant provides the EAP Request information in an EAP Response. Another Access Request frame translates and forwards the response to the authentication server. 160 Layer 2