Home » TP-Link Manuals » Hubs & Switches » TP-Link T1500G-8T » Manual Viewer

TP-Link T1500G-8T T1500G-10PSUN V1 User Guide - Page 180

EAP-MD5 Authentication Procedure

Add to My Manuals
Save this manual to your list of manuals

Page 180 highlights

Figure 12-20 EAP-MD5 Authentication Procedure (1) A supplicant system launches an 802.1X client program via its registered user name and password to initiate an access request through the sending of an EAPOL-Start packet to the switch. The 802.1X client program then forwards the packet to the switch to start the authentication process. (2) Upon receiving the authentication request packet, the switch sends an EAP-Request/Identity packet to ask the 802.1X client program for the user name. (3) The 802.1X client program responds by sending an EAP-Response/Identity packet to the switch with the user name included. The switch then encapsulates the packet in a RADIUS Access-Request packet and forwards it to the RADIUS server. (4) Upon receiving the user name from the switch, the RADIUS server retrieves the user name, finds the corresponding password by matching the user name in its database, encrypts the password using a randomly-generated key, and sends the key to the switch through an RADIUS Access-Challenge packet. The switch then sends the key to the 802.1X client program. (5) Upon receiving the key (encapsulated in an EAP-Request/MD5 Challenge packet) from the switch, the client program encrypts the password of the supplicant system with the key and sends the encrypted password (contained in an EAP-Response/MD5 Challenge packet) to the RADIUS server through the switch. (The encryption is irreversible.) (6) The RADIUS server compares the received encrypted password (contained in a RADIUS Access-Request packet) with the locally-encrypted password. If the two match, it will then send feedbacks (through a RADIUS Access-Accept packet and an EAP-Success packet) to the switch to indicate that the supplicant system is authorized. (7) The switch changes the state of the corresponding port to accepted state to allow the supplicant system access the network. And then the switch will monitor the status of supplicant by sending hand-shake packets periodically. By default, the switch will force the supplicant to log off if it cannot get the response from the supplicant for two times. 170

Section	Page
Package Contents	11
Chapter 1 About this Guide	12
1.1 Intended Readers	12
1.2 Conventions	12
1.3 Overview of This Guide	12
Chapter 2 Introduction	17
2.1 Overview of the Switch	17
2.2 Appearance Description	17
2.2.1 Front Panel	17
2.2.2 Rear Panel	21
Chapter 3 Login to the Switch	24
3.1 Login	24
3.2 Configuration	24
Chapter 4 System	26
4.1 System Info	26
4.1.1 System Summary	26
4.1.2 Device Description	27
4.1.3 System Time	28
4.1.4 Daylight Saving Time	29
4.1.5 System IP	30
4.2 User Management	32
4.2.1 User Table	32
4.2.2 User Config	32
4.3 System Tools	34
4.3.1 Boot Config	34
4.3.2 Config Restore	34
4.3.3 Config Backup	35
4.3.4 Firmware Upgrade	36
4.3.5 System Reboot	36
4.3.6 System Reset	37
4.4 Access Security	37
4.4.1 Access Control	37
4.4.2 HTTP Config	38
4.4.3 HTTPS Config	39
4.4.4 SSH Config	43
4.4.5 Telnet Config	49
Chapter 5 Switching	50
5.1 Port	50
5.1.1 Port Config	50
5.1.2 Port Mirror	51
5.1.3 Port Security	53
5.1.4 Port Isolation	55
5.1.5 Loopback Detection	56
5.2 LAG	58
5.2.1 LAG Table	58
5.2.2 Static LAG	60
5.2.3 LACP Config	61
5.3 Traffic Monitor	62
5.3.1 Traffic Summary	62
5.3.2 Traffic Statistics	63
5.4 MAC Address	65
5.4.1 Address Table	66
5.4.2 Static Address	68
5.4.3 Dynamic Address	69
5.4.4 Filtering Address	71
Chapter 6 VLAN	73
6.1 802.1Q VLAN	74
6.1.1 VLAN Config	75
6.1.2 Port Config	77
6.2 Application Example for 802.1Q VLAN	78
Chapter 7 Spanning Tree	80
7.1 STP Config	85
7.1.1 STP Config	85
7.1.2 STP Summary	87
7.2 Port Config	88
7.3 MSTP Instance	90
7.3.1 Region Config	90
7.3.2 Instance Config	91
7.3.3 Instance Port Config	92
7.4 STP Security	93
7.4.1 Port Protect	93
7.5 Application Example for STP Function	96
Chapter 8 Multicast	101
8.1 IGMP Snooping	103
8.1.1 Snooping Config	105
8.1.2 Port Config	107
8.1.3 VLAN Config	108
8.1.4 Multicast VLAN	109
8.1.5 Querier Config	113
8.1.6 Profile Config	114
8.1.7 Profile Binding	116
8.1.8 Packet Statistics	117
8.2 Multicast Table	118
8.2.1 IPv4 Multicast Table	119
8.2.2 Static IPv4 Multicast Table	119
Chapter 9 QoS	122
9.1 DiffServ	125
9.1.1 Port Priority	125
9.1.2 Schedule Mode	126
9.1.3 802.1P Priority	127
9.1.4 DSCP Priority	128
9.2 Bandwidth Control	129
9.2.1 Rate Limit	129
9.2.2 Storm Control	130
9.3 Voice VLAN	131
9.3.1 Global Config	134
9.3.2 Port Config	134
9.3.3 OUI Config	136
Chapter 10 PoE	138
10.1 PoE Config	139
10.1.1 PoE Config	139
10.1.2 PoE Profile	140
10.2 Time-Range	141
10.2.1 Time-Range Summary	141
10.2.2 Time-Range Create	142
10.2.3 Holiday Config	144
Chapter 11 ACL	145
11.1 ACL Config	145
11.1.1 ACL Summary	145
11.1.2 ACL Create	145
11.1.3 MAC ACL	146
11.1.4 Standard-IP ACL	147
11.1.5 Extend-IP ACL	147
11.2 Policy Config	148
11.2.1 Policy Summary	149
11.2.2 Policy Create	149
11.2.3 Action Create	149
11.3 ACL Binding	150
11.3.1 Binding Table	150
11.3.2 Port Binding	151
11.3.3 VLAN Binding	152
11.4 Policy Binding	153
11.4.1 Binding Table	153
11.4.2 Port Binding	154
11.4.3 VLAN Binding	155
11.5 Application Example for ACL	156
Chapter 12 Network Security	158
12.1 IP-MAC Binding	158
12.1.1 Binding Table	158
12.1.2 Manual Binding	160
12.1.3 ARP Scanning	161
12.2 DHCP Snooping	163
12.2.1 Global Config	166
12.2.2 Port Config	167
12.2.3 Option 82 Config	168
12.3 ARP Inspection	169
12.3.1 ARP Detect	172
12.3.2 ARP Defend	174
12.3.3 ARP Statistics	175
12.4 DoS Defend	175
12.4.1 DoS Defend	177
12.5 802.1X	178
12.5.1 Global Config	182
12.5.2 Port Config	184
12.6 AAA	186
12.6.1 Global Config	187
12.6.2 Privilege Elevation	187
12.6.3 RADIUS Server Config	187
12.6.4 TACACS+ Server Config	188
12.6.5 Authentication Server Group Config	189
12.6.6 Authentication Method List Config	191
12.6.7 Application Authentication List Config	192
12.6.8 802.1X Authentication Server Config	193
12.6.9 Default Settings	193
Chapter 13 SNMP	195
13.1 SNMP Config	197
13.1.1 Global Config	197
13.1.2 SNMP View	198
13.1.3 SNMP Group	199
13.1.4 SNMP User	201
13.1.5 SNMP Community	202
13.2 Notification	205
13.3 RMON	206
13.3.1 Statistics	207
13.3.2 History	208
13.3.3 Event	209
13.3.4 Alarm	210
Chapter 14 LLDP	212
14.1 Basic Config	217
14.1.1 Global Config	217
14.1.2 Port Config	218
14.2 Device Info	219
14.2.1 Local Info	219
14.2.2 Neighbor Info	221
14.3 Device Statistics	222
14.4 LLDP-MED	223
14.4.1 Global Config	224
14.4.2 Port Config	225
14.4.3 Local Info	226
14.4.4 Neighbor Info	227
Chapter 15 Maintenance	229
15.1 System Monitor	229
15.1.1 CPU Monitor	229
15.1.2 Memory Monitor	230
15.2 Log	231
15.2.1 Log Table	232
15.2.2 Local Log	233
15.2.3 Remote Log	233
15.2.4 Backup Log	234
15.3 Device Diagnostics	235
15.3.1 Cable Test	235
15.4 Network Diagnostics	236
15.4.1 Ping	236
15.4.2 Tracert	237
Appendix A: Specifications	238

Match case Limit results 1 per page

Figure 12-20 EAP-MD5 Authentication Procedure

(1)

A supplicant system launches an 802.1X client program via its registered user name and

password to initiate an access request through the sending of an EAPOL-Start packet to

the switch. The 802.1X client program then forwards the packet to the switch to start the

authentication process.

(2)

Upon

receiving

the

authentication

request

packet,

the

switch

sends

EAP-Request/Identity packet to ask the 802.1X client program for the user name.

(3)

The 802.1X client program responds by sending an EAP-Response/Identity packet to the

switch with the user name included. The switch then encapsulates the packet in a RADIUS

Access-Request packet and forwards it to the RADIUS server.

(4)

Upon receiving the user name from the switch, the RADIUS server retrieves the user name,

finds the corresponding password by matching the user name in its database, encrypts the

password using a randomly-generated key, and sends the key to the switch through an

RADIUS Access-Challenge packet. The switch then sends the key to the 802.1X client

program.

(5)

Upon receiving the key (encapsulated in an EAP-Request/MD5 Challenge packet) from the

switch, the client program encrypts the password of the supplicant system with the key

and sends the encrypted password (contained in an EAP-Response/MD5 Challenge packet)

to the RADIUS server through the switch. (The encryption is irreversible.)

(6)

The RADIUS server compares the received encrypted password (contained in a RADIUS

Access-Request packet) with the locally-encrypted password. If the two match, it will then

send feedbacks (through a RADIUS Access-Accept packet and an EAP-Success packet) to

the switch to indicate that the supplicant system is authorized.

(7)

The switch changes the state of the corresponding port to accepted state to allow the

supplicant system access the network. And then the switch will monitor the status of

supplicant by sending hand-shake packets periodically. By default, the switch will force the

supplicant to log off if it cannot get the response from the supplicant for two times.

170