GE MULTILINK ML1200 User Manual

CHAPTER 7: ACCESS USING RADIUS

ACCESS USING RADIUS

MULTILINK ML1200 MANAGED FIELD SWITCH – INSTRUCTION MANUAL

7–3

10. If the supplicant does not have the necessary credentials, a RADIUS-Access-

Deny packet is relayed to the supplicant as an EAP-Failure frame. The access
to the network continues to be blocked.

FIGURE 7–2: 802.1x authentication details

The ML1200 software implements the 802.1x authenticator. It fully conforms to the
standards as described in IEEE 802.1x, implementing all the state machines needed for
port-based authentication. The ML1200 software authenticator supports both EAPOL and
EAP over RADIUS to communicate to a standard 802.1x supplicant and RADIUS
authentication server.

The ML1200 software authenticator has the following characteristics:

• Allows control on ports using STP-based hardware functions. EAPOL frames are

Spanning Tree Protocol (STP) link Bridge PDUs (BPDU) with its own bridge multicast
address.

• Relays MD5 challenge (although not limited to) authentication protocol to RADIUS

server

• Limits the authentication of a single host per port
• The MultiLink ML1200 Managed Field Switch provides the IEEE 802.1x MIB for SNMP

management