Unauthenticated supplicant traffic – Allied Telesis AlliedWare Plus Operating System Version 5.4.4C (x310-26FT,x310-26FP,x310-50FT,x310-50FP) User Manual

Authentication Introduction and Configuration

Software Reference for x310 Series Switches

42.26

AlliedWare Plus

TM

Operating System - Version 5.4.4C

C613-50046-01 REV A

Unauthenticated Supplicant Traffic

When any authentication is configured on a switch port, the question arises as to what the
switch does with packets that arrive into the switch port from unauthenticated
supplicants.

Unauthenticated supplicants fall into three categories listed below:

■

Newly attached supplicants, which are still in the process of their first authentication
attempt

■

Supplicants that have made an authentication attempt, but have failed
authentication

■

Supplicants that have been attached, but have not made an authentication attempt.
For example, on a port that has only 802.1X authentication enabled, any supplicant
that has no 802.1X client software will not be able to attempt 802.1X authentication.

In switches that are running the AlliedWare Plus

TM

Operating System, packets from all

these three categories of unathenticated supplicants are treated equally; no distinction is
made between these three categories. The treatment of the traffic from unauthenticated
supplicants does, however, depend on two factors:

■

Whether a Guest VLAN has been configured on the switch port to which the
supplicant is attached

■

Whether Web authentication has been configured on the switch port to which the
supplicant is attached

The rules governing the treatment of packets from unauthenticated supplicants are laid
out in the table below: