AirLive SNMP-24MGB User Manual
Page 139
4. Web Management in SNMP-24MGB
AirLive SNMP-24MGB v2 User’s Manual
132
authenticator PAE and authenticator will immediately respond EAP-Request/Identity
packet.
3. The authenticator always periodically sends EAP-Request/Identity to the supplicant
for requesting the identity it wants to be authenticated.
4. If the authenticator doesn’t send EAP-Request/Identity, the supplicant will initiate
EAPOL-Start the process by sending to the authenticator.
5. And next, the Supplicant replies an EAP-Response/Identity to the authenticator. The
authenticator will embed the user ID into Radius-Access-Request command and
send it to the authentication server for confirming its identity.
6. After receiving the Radius-Access-Request, the authentication server sends
Radius-Access-Challenge to the supplicant for asking for inputting user password
via the authenticator PAE.
7. The supplicant will convert user password into the credential information, perhaps, in
MD5 format and replies an EAP-Response with this credential information as well as
the specified authentication algorithm (MD5 or OTP) to Authentication server via the
authenticator PAE. As per the value of the type field in message PDU, the
authentication server knows which algorithm should be applied to authenticate the
credential information, EAP-MD5 (Message Digest 5) or EAP-OTP (One Time
Password) or other else algorithm.
8. If user ID and password is correct, the authentication server will send a
Radius-Access-Accept to the authenticator. If not correct, the authentication server
will send a Radius-Access-Reject.
9. When the authenticator PAE receives a Radius-Access-Accept, it will send an
EAP-Success to the supplicant. At this time, the supplicant is authorized and the port
connected to the supplicant and under 802.1X control is in the authorized state. The
supplicant and other devices connected to this port can access the network. If the
authenticator receives a Radius-Access-Reject, it will send an EAP-Failure to the
supplicant. This means the supplicant is failed to authenticate. The port it connected
is in the unauthorized state, the supplicant and the devices connected to this port
won’t be allowed to access the network.
10. When the supplicant issue an EAP-Logoff message to Authentication server, the port
you are using is set to be unauthorized.