hit counter script

Device Roles - Cisco 4500M Software Manual

Software guide
Table of Contents

Advertisement

Understanding 802.1X Port-Based Authentication
802.1X defines 802.1X port-based authentication as a client-server based access control and
authentication protocol that restricts unauthorized clients from connecting to a LAN through publicly
accessible ports. An authentication server validates each supplicant (client) connected to an
authenticator (network access switch) port before making available any services offered by the switch or
the LAN.
Until a client is authenticated, only Extensible Authentication Protocol over LAN (EAPOL) traffic is
allowed through the port to which the client is connected. Once authentication succeeds, normal traffic
can pass through the port.

Device Roles

With 802.1X port-based authentication, network devices have specific roles.
of each device.
Figure 31-1 802.1X Device Roles
Workstations
Supplicants
Software Configuration Guide—Release 12.2(25)EW
31-2
Client
Catalyst 4500 Network
Access Switch
Authenticator
Client—The workstation that requests access to the LAN, and responds to requests from the switch.
The workstation must be running 802.1X-compliant client software.
For more information on 802.1X-compliant client application software such as Microsoft
Note
Windows 2000 Professional or Windows XP, refer to the Microsoft Knowledge Base article
at this URL:
http://support.microsoft.com
Authenticator—Controls physical access to the network based on the authentication status of the
client. The switch acts as an intermediary between the client and the authentication server,
requesting identity information from the client, verifying that information with the authentication
server, and relaying a response to the client. The switch encapsulates and decapsulates the
Extensible Authentication Protocol (EAP) frames and interacts with the RADIUS authentication
server.
When the switch receives EAPOL frames and relays them to the authentication server, the Ethernet
header is stripped and the remaining EAP frame is reencapsulated in the RADIUS format. The EAP
frames are not modified or examined during encapsulation, and the authentication server must
support EAP within the native frame format. When the switch receives frames from the
authentication server, the frame header is removed from the server, leaving the EAP frame, which
is then encapsulated for Ethernet and sent to the client.
Cisco devices that are capable of functioning as an 802.1X network access point include
Catalyst 4500 series switches, the Catalyst 3550 multilayer switch, the Catalyst 2950 switch, and a
Cisco Airnet series wireless access point. These devices must be running software that supports the
RADIUS client and 802.1X.
Chapter 31
Understanding and Configuring 802.1X Port-Based Authentication
RADIUS
Authentication
server
Figure 31-1
shows the roles
OL-6696-01

Advertisement

Table of Contents
loading

This manual is also suitable for:

4500 series

Table of Contents