Xms-1024p – Luxul XMS-1024P User Manual

210

XMS-1024P

a: 14203 Minuteman Drive, Suite 201, Draper, UT 84020-1685 | luxul.com | 801-822-5450

LUX-UG-XMS-1024P Vers: 081314

802.1X/RADIUS uses a Client/Server architecture with three entities: a Supplicant, an
Authenticator and an Authentication Server, as shown in the following fi gure:

Figure 12-17 Architecture of 802.1X/RADIUS Authentication

„

Supplicant: The Supplicant is an entity in the LAN and is Authenticated by the
Authenticator. The Supplicant is usually a common terminal or computer. 802.1X/
RADIUS Authentication is initiated when a user launches a RADIUS Client program
on the Supplicant. Note that the Client program must support the 802.1X/RADIUS
Authentication protocol.

„

Authenticator: The Authenticator is usually an 802.1X/RADIUS supported Network
device such as this Luxul Switch. It provides the physical Port the Supplicant uses to
access the LAN and authenticates the Supplicant.

„

Authentication Server: The Authentication Server is an entity that provides
Authentication service to the Authenticator. Normally in the form of a RADIUS
Server. The Authentication Server stores user information and performs
Authentication and Authorization. To ensure a stable Authentication system, an
Alternate Authentication Server can be specifi ed. If the main Authentication Server
is busy or unavailable, the Alternate Authentication Server can provide normal
Authentication services.

The Mechanism of 802.1X/RADIUS Authentication

An IEEE 802.1X/RADIUS Authentication System uses EAP (Extensible Authentication
Protocol) to exchange information between the Supplicant and the
Authentication Server.

„

EAP protocol packets are transmitted between the Supplicant and the Authenticator.
They are encapsulated as EAPOL packets.