MicroNet Technology SP1659P User Manual

Page 46

Advertising
background image

Supplicant:

It is an entity being authenticated by an authenticator. It is used to communicate with the Authenticator PAE

(Port Access Entity) by exchanging the authentication message when the Authenticator PAE request to it.

Authenticator:

An entity facilitates the authentication of the supplicant entity. It controls the state of the port, authorized or

unauthorized, according to the result of authentication message exchanged between it and a supplicant

PAE. The authenticator may request the supplicant to re-authenticate itself at a configured time period.

Once start re-authenticating the supplicant, the controlled port keeps in the authorized state until

re-authentication fails.

A port acting as an authenticator is thought to be two logical ports, a controlled port and an uncontrolled port.

A controlled port can only pass the packets when the authenticator PAE is authorized, and otherwise, an

uncontrolled port will unconditionally pass the packets with PAE group MAC address, which has the value of

01-80-c2-00-00-03 and will not be forwarded by MAC bridge, at any time.

Authentication server:

A device provides authentication service, through EAP, to an authenticator by using authentication

credentials supplied by the supplicant to determine if the supplicant is authorized to access the network

resource.

When Supplicant PAE issues a request to Authenticator PAE, Authenticator and Supplicant exchanges

authentication message. Then, Authenticator passes the request to RADIUS server to verify. Finally,

RADIUS server replies if the request is granted or denied.

While in the authentication process, the message packets, encapsulated by Extensible Authentication

Protocol over LAN (EAPOL), are exchanged between an authenticator PAE and a supplicant PAE. The

Authenticator exchanges the message to authentication server using EAP encapsulation. Before

successfully authenticating, the supplicant can only touch the authenticator to perform authentication

message exchange or access the network from the uncontrolled port.

45

Advertising
Popular Brands
Popular manuals