Home » TP-Link Manuals » Hubs & Switches » TP-Link TL-SL5428E » Manual Viewer

TP-Link TL-SL5428E User Guide - Page 176

Supplicant System, Authenticator System, Authentication Server System, The Mechanism of an 802.1X

UPC - 845973020873

Add to My Manuals
Save this manual to your list of manuals

Page 176 highlights

Figure 13-19 Architecture of 802.1X authentication （1） Supplicant System: The supplicant system is an entity in LAN and is authenticated by the authenticator system. The supplicant system is usually a common user terminal computer. An 802.1X authentication is initiated when a user launches client program on the supplicant system. Note that the client program must support the 802.1X authentication protocol. （2） Authenticator System: The authenticator system is usually an 802.1X-supported network device, such as this TP-LINK switch. It provides the physical or logical port for the supplicant system to access the LAN and authenticates the supplicant system. （3） Authentication Server System: The authentication server system is an entity that provides authentication service to the authenticator system. Normally in the form of a RADIUS server. Authentication Server can store user information and serve to perform authentication and authorization. To ensure a stable authentication system, an alternate authentication server can be specified. If the main authentication server is in trouble, the alternate authentication server can substitute it to provide normal authentication service. ¾ The Mechanism of an 802.1X Authentication System IEEE 802.1X authentication system uses EAP (Extensible Authentication Protocol) to exchange information between the supplicant system and the authentication server. （1） EAP protocol packets transmitted between the supplicant system and the authenticator system are encapsulated as EAPOL packets. （2） EAP protocol packets transmitted between the authenticator system and the RADIUS server can either be encapsulated as EAPOR (EAP over RADIUS) packets or be terminated at authenticator system and the authenticator system then communicate with RADIUS servers through PAP (Password Authentication Protocol) or CHAP (Challenge Handshake Authentication Protocol) protocol packets. （3） When a supplicant system passes the authentication, the authentication server passes the information about the supplicant system to the authenticator system. The authenticator system in turn determines the state (authorized or unauthorized) of the controlled port according to the instructions (accept or reject) received from the RADIUS server. ¾ 802.1X Authentication Procedure An 802.1X authentication can be initiated by supplicant system or authenticator system. When the authenticator system detects an unauthenticated supplicant in LAN, it will initiate the 802.1X 168

Section	Page
Package Contents	9
Chapter 1 About this Guide	10
1.1 Intended Readers	10
1.2 Conventions	10
1.3 Overview of This Guide	10
Chapter 2 Introduction	14
2.3.1 Front Panel	15
2.3.2 Rear Panel	16
Chapter 3 Installation	17
3.1 Precautions	17
3.2 Installation	17
3.2.1 Desktop Installation	18
3.2.2 Rack Installation	18
3.3 Connect to Ground	19
Chapter 4 Connection	22
4.1 Ethernet Ports	22
4.2 SFP Ports	22
4.3 Console Port	23
4.4 Power On	24
Chapter 5 Login to the Switch	25
5.1 Login	25
5.2 Configuration	25
Chapter 6 System	27
6.1 System Info	27
6.1.1 System Summary	27
6.1.2 Device Description	29
6.1.3 System Time	30
6.1.4 System IP	31
6.2 User Manage	32
6.2.1 User Table	32
6.2.2 User Config	32
6.3 System Tools	34
6.3.1 Config Restore	34
6.3.2 Config Backup	34
6.3.3 Firmware Upgrade	35
6.3.4 System Reboot	36
6.3.5 System Reset	36
6.4 Access Security	36
6.4.1 Access Control	36
6.4.2 SSL Config	38
6.4.3 SSH Config	39
Chapter 7 Switching	45
7.1 Port	45
7.1.1 Port Config	45
7.1.2 Port Mirror	46
7.1.3 Port Security	48
7.2 LAG	49
7.2.1 LAG Table	50
7.2.2 Static LAG	51
7.2.3 LACP Config	52
7.3 Traffic Monitor	54
7.3.1 Traffic Summary	54
7.3.2 Traffic Statistics	55
7.4 MAC Address	56
7.4.1 Address Table	57
7.4.2 Static Address	59
7.4.3 Dynamic Address	60
7.4.4 Filtering Address	62
Chapter 8 VLAN	64
8.1 802.1Q VLAN	65
8.1.1 VLAN Config	67
8.1.2 Port Config	69
8.2 MAC VLAN	71
8.2.1 MAC VLAN	71
8.2.2 Port Enable	72
8.3 Protocol VLAN	73
8.3.1 Protocol VLAN	74
8.3.2 Protocol Template	74
8.3.3 Port Enable	75
8.4 VLAN VPN	76
8.4.1 VPN Config	77
8.4.2 VLAN Mapping	78
8.4.3 Port Enable	79
8.5 GVRP	80
Chapter 9 Spanning Tree	84
9.1 STP Config	89
9.1.1 STP Config	89
9.1.2 STP Summary	91
9.2 Port Config	92
9.3 MSTP Instance	94
9.3.1 Region Config	94
9.3.2 Instance Config	95
9.3.3 Instance Port Config	96
9.4 STP Security	98
9.4.1 Port Protect	98
9.4.2 TC Protect	101
9.5 Application Example for STP Function	102
Chapter 10 Multicast	106
10.1 IGMP Snooping	108
10.1.1 Snooping Config	109
10.1.2 Port Config	110
10.1.3 VLAN Config	111
10.1.4 Multicast VLAN	113
10.2 Multicast IP	116
10.2.1 Multicast IP Table	117
10.2.2 Static Multicast IP	117
10.3 Multicast Filter	118
10.3.1 IP-Range	119
10.3.2 Port Filter	120
10.4 Packet Statistics	121
Chapter 11 QoS	123
11.1 DiffServ	126
11.1.1 Port Priority	126
11.1.2 Schedule Mode	127
11.1.3 802.1P Priority	128
11.1.4 DSCP Priority	129
11.2 Bandwidth Control	131
11.2.1 Rate Limit	131
11.2.2 Storm Control	132
11.3 Voice VLAN	133
11.3.1 Global Config	135
11.3.2 Port Config	136
11.3.3 OUI Config	137
Chapter 12 ACL	139
12.1 Time-Range	139
12.1.1 Time-Range Summary	139
12.1.2 Time-Range Create	140
12.1.3 Holiday Config	141
12.2 ACL Config	141
12.2.1 ACL Summary	142
12.2.2 ACL Create	142
12.2.3 MAC ACL	143
12.2.4 Standard-IP ACL	144
12.2.5 Extend-IP ACL	145
12.3 Policy Config	146
12.3.1 Policy Summary	146
12.3.2 Policy Create	147
12.3.3 Action Create	147
12.4 Policy Binding	149
12.4.1 Binding Table	149
12.4.2 Port Binding	149
12.4.3 VLAN Binding	150
Chapter 13 Network Security	154
13.1 IP-MAC Binding	154
13.1.1 Binding Table	154
13.1.2 Manual Binding	155
13.1.3 ARP Scanning	157
13.1.4 DHCP Snooping	158
13.2 ARP Inspection	164
13.2.1 ARP Detect	168
13.2.2 ARP Defend	169
13.2.3 ARP Statistics	170
13.5 802.1X	175
13.5.1 Global Config	179
13.5.2 Port Config	181
13.5.3 Radius Server	182
Chapter 14 SNMP	184
14.1 SNMP Config	186
14.1.1 Global Config	186
14.1.2 SNMP View	187
14.1.3 SNMP Group	188
14.1.4 SNMP User	189
14.1.5 SNMP Community	191
14.2 Notification	193
14.3 RMON	195
14.3.1 History Control	196
14.3.2 Event Config	196
14.3.3 Alarm Config	197
Chapter 15 Cluster	200
15.1 NDP	201
15.1.1 Neighbor Info	201
15.1.2 NDP Summary	202
15.1.3 NDP Config	204
15.2 NTDP	205
15.2.1 Device Table	205
15.2.2 NTDP Summary	206
15.2.3 NTDP Config	208
15.3 Cluster	209
15.3.1 Cluster Summary	209
15.3.2 Cluster Config	212
15.3.3 Member Config	214
15.3.4 Cluster Topology	215
15.4 Application Example for Cluster Function	217
Chapter 16 Maintenance	220
16.1 System Monitor	220
16.1.1 CPU Monitor	220
16.1.2 Memory Monitor	221
16.2 Log	222
16.2.1 Log Table	223
16.2.2 Local Log	223
16.2.3 Remote Log	224
16.2.4 Backup Log	225
16.3 Device Diagnose	226
16.3.1 Cable Test	226
16.3.2 Loopback	227
16.4 Network Diagnose	227
16.4.1 Ping	227
16.4.2 Tracert	228
Chapter 17 System Maintenance via FTP	230
Appendix A: Specifications	235
Appendix B: Configuring the PCs	236
Appendix C: 802.1X Client Software	239

Match case Limit results 1 per page

168

Figure 13-19 Architecture of 802.1X authentication

（

）

Supplicant System:

The supplicant system is an entity in LAN and is authenticated by the

authenticator system. The supplicant system is usually a common user terminal computer.

An 802.1X authentication is initiated when a user launches client program on the

supplicant system. Note that the client program must support the 802.1X authentication

protocol.

（

）

Authenticator System:

The authenticator system is usually an 802.1X-supported network

device, such as this TP-LINK switch. It provides the physical or logical port for the

supplicant system to access the LAN and authenticates the supplicant system.

（

）

Authentication Server System:

The authentication server system is an entity that

provides authentication service to the authenticator system. Normally in the form of a

RADIUS server. Authentication Server can store user information and serve to perform

authentication and authorization. To ensure a stable authentication system, an alternate

authentication server can be specified. If the main authentication server is in trouble, the

alternate authentication server can substitute it to provide normal authentication service.

The Mechanism of an 802.1X Authentication System

IEEE 802.1X authentication system uses EAP (Extensible Authentication Protocol) to exchange

information between the supplicant system and the authentication server.

（

）

EAP protocol packets transmitted between the supplicant system and the authenticator

system are encapsulated as EAPOL packets.

（

）

EAP protocol packets transmitted between the authenticator system and the RADIUS

server can either be encapsulated as EAPOR (EAP over RADIUS) packets or be

terminated at authenticator system and the authenticator system then communicate with

RADIUS servers through PAP (Password Authentication Protocol) or CHAP (Challenge

Handshake Authentication Protocol) protocol packets.

（

）

When a supplicant system passes the authentication, the authentication server passes the

information about the supplicant system to the authenticator system. The authenticator

system in turn determines the state (authorized or unauthorized) of the controlled port

according to the instructions (accept or reject) received from the RADIUS server.

802.1X Authentication Procedure

An 802.1X authentication can be initiated by supplicant system or authenticator system. When the

authenticator system detects an unauthenticated supplicant in LAN, it will initiate the 802.1X