Interlogix NS3500-28T-4S User Manual

Page 224


When the client supplies its identity, the switch begins its role as the intermediary, passing EAP frames between the client and the authentication server until authentication succeeds or fails. If the authentication succeeds, the switch port becomes authorized.

The specific exchange of EAP frames depends on the authentication method being used. “Figure 4-9-2” shows a message exchange initiated by the client using the One-Time-Password (OTP) authentication method with a RADIUS server.

Figure 4-9-2 EAP Message Exchange

Ports in Authorized and Unauthorized States

The switch port state determines whether or not the client is granted access to the network. The port starts in the unauthorized state. While in this state, the port disallows all ingress and egress traffic except for 802.1X protocol packets. When a client is successfully authenticated, the port transitions to the authorized state, allowing all traffic for the client to flow normally.

If a client that does not support 802.1X is connected to an unauthorized 802.1X port, the switch requests the client's identity. In this situation, the client does not respond to the request, the port remains in the unauthorized state, and the client is not granted access to the network.
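The port behaviour described above, modelled as an added example (it is not code from the manual or from the switch firmware): an unauthorized port relays only 802.1X (EAPOL) frames and drops everything else until the authentication server reports success. `ControlledPort`, `eth_frame`, `eap_identity_response` and the sample frames are hypothetical and constructed for illustration, and only the ingress direction is modelled.

```python
import struct

ETH_P_PAE = 0x888E        # EtherType carried by 802.1X (EAPOL) frames
ETH_P_IPV4 = 0x0800
EAPOL_EAP_PACKET = 0      # EAPOL packet type whose body is an EAP packet
EAP_RESPONSE = 2          # EAP code used by the client
EAP_TYPE_IDENTITY = 1


def eth_frame(ethertype, payload, dst=b"\x01\x80\xc2\x00\x00\x03",
              src=b"\x02\x00\x00\x00\x00\x01"):
    """Build a constructed Ethernet II frame (sample input, not captured traffic)."""
    return dst + src + struct.pack("!H", ethertype) + payload


def eap_identity_response(identity, ident=1):
    """EAPOL header (version, type, length) wrapping an EAP Response/Identity."""
    eap = struct.pack("!BBHB", EAP_RESPONSE, ident, 5 + len(identity),
                      EAP_TYPE_IDENTITY) + identity
    return struct.pack("!BBH", 2, EAPOL_EAP_PACKET, len(eap)) + eap


class ControlledPort:
    """Hypothetical model of one switch port; it starts unauthorized."""

    def __init__(self):
        self.authorized = False
        self.relayed = []     # EAP packets passed on to the authentication server

    def ingress(self, frame):
        """Return 'relay', 'local', 'forward' or 'drop' for a frame from the client."""
        if len(frame) < 14:
            return "drop"
        (ethertype,) = struct.unpack("!H", frame[12:14])
        if ethertype != ETH_P_PAE:
            # Ordinary traffic passes only once the port is authorized.
            return "forward" if self.authorized else "drop"
        if len(frame) < 18:
            return "drop"
        _version, ptype, length = struct.unpack("!BBH", frame[14:18])
        if ptype != EAPOL_EAP_PACKET:
            return "local"    # other EAPOL types are handled by the switch itself
        body = frame[18:18 + length]   # slicing ignores Ethernet padding
        if length < 4 or len(body) != length:
            return "drop"     # truncated or malformed EAP packet
        self.relayed.append(body)
        return "relay"

    def server_result(self, success):
        """Apply the authentication server's final decision to the port state."""
        self.authorized = bool(success)
```

A client that never sends EAPOL frames, the non-802.1X case above, only ever reaches the `drop` branch, so the port stays unauthorized.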

In contrast, when an 802.1X-enabled client connects to a port that is not running the 802.1X protocol, the client
