QTECH QSW-3400 Инструкция по настройке User Manual

+7(495) 797-3311 www.qtech.ru
Москва, Новозаводская ул., 18, стр. 1

320



The supplicant system is an entity on one end of the LAN segment, should be

authenticated by the access controlling unit on the other end of the link. A Supplicant

system usually is a user terminal device. Users start 802.1x authentication by starting

supplicant system software. A supplicant system should support EAPOL (Extensible

Authentication Protocol over LAN).



The authenticator system is another entity on one end of the LAN segment to

authenticate the supplicant systems connected. An authenticator system usually is a

network device supporting 802,1x protocol, providing ports to access the LAN for

supplicant systems. The ports provided can either be physical or logical.



The authentication server system is an entity to provide authentication service for

authenticator systems. The authentication server system is used to authenticate and

authorize users, as well as does fee-counting, and usually is a RADIUS (Remote

Authentication Dial-In User Service) server, which can store the relative user

information, including username, password and other parameters such as the VLAN

and ports which the user belongs to.

The three entities above concerns the following basic concepts: PAE of the port, the controlled

ports and the controlled direction.

1. PAE

PAE (Port Access Entity) is the entity to implement the operation of algorithms and protocols.



The PAE of the supplicant system is supposed to respond the authentication request

from the authenticator systems and submit user’s authentication information to the

authenticator system. It can also send authentication request and off-line request to

authenticator.



The PAE of the authenticator system authenticates the supplicant systems needing to

access the LAN via the authentication server system, and deal with the

authenticated/unauthenticated state of the controlled port according to the result of the

authentication. The authenticated state means the user is allowed to access the

network resources, the unauthenticated state means only the EAPOL messages are

allowed to be received and sent while the user is forbidden to access network

resources.

2. controlled/uncontrolled ports

The authenticator system provides ports to access the LAN for the supplicant systems. These

ports can be divided into two kinds of logical ports: controlled ports and uncontrolled ports.