PLANET WGSW-52040 User Manual

Figure 42-1: The Authentication Structure of 802.1x



The supplicant system is an entity on one end of the LAN segment, should be

authenticated by the access controlling unit on the other end of the link. A Supplicant

system usually is a user terminal device. Users start 802.1x authentication by starting

supplicant system software. A supplicant system should support EAPOL (Extensible

Authentication Protocol over LAN).



The authenticator system is another entity on one end of the LAN segment to

authenticate the supplicant systems connected. An authenticator system usually is a

network device supporting 802,1x protocol, providing ports to access the LAN for

supplicant systems. The ports provided can either be physical or logical.



The authentication server system is an entity to provide authentication service for

authenticator systems. The authentication server system is used to authenticate and

authorize users, as well as does fee-counting, and usually is a RADIUS (Remote

Authentication Dial-In User Service) server, which can store the relative user information,

including username, password and other parameters such as the VLAN and ports which

the user belongs to.

The three entities above concerns the following basic concepts: PAE of the port, the controlled

ports and the controlled direction.

1. PAE

PAE (Port Access Entity) is the entity to implement the operation of algorithms and protocols.



The PAE of the supplicant system is supposed to respond the authentication request

from the authenticator systems and submit user’s authentication information to the

authenticator system. It can also send authentication request and off-line request to

authenticator.



The PAE of the authenticator system authenticates the supplicant systems needing to

42-136