Dell Force10 C150 Configuration Manual page 108

FTOS Configuration Guide, FTOS 8.4.2.7: E-Series TeraScale, C-Series, S-Series (S50/S25)

802.1X employs Extensible Authentication Protocol (EAP)* to transfer a device's credentials to an
authentication server (typically RADIUS) via a mandatory intermediary network access device, in this
case, a Dell Force10 switch. The network access device mediates all communication between the end-user
device and the authentication server so that the network remains secure. The network access device uses
EAP over Ethernet (EAPOL) to communicate with the end-user device and EAP over RADIUS to
communicate with the server.
* Note: FTOS supports 802.1X with EAP-MD5, EAP-OTP, EAP-TLS, EAP-TTLS, PEAPv0, PEAPv1, and MS-CHAPv2 with PEAP.

[Diagram: End-user Device <-- EAP over LAN (EAPOL) --> Force10 switch <-- EAP over RADIUS --> RADIUS Server]

Figure 7-1 and Figure show how EAP frames are encapsulated in Ethernet and RADIUS frames.

The authentication process involves three devices:
The device attempting to access the network is the supplicant. The supplicant is not allowed to
communicate on the network until the port is authorized by the authenticator. It can only communicate
with the authenticator in response to 802.1X requests.
The device with which the supplicant communicates is the authenticator. The authenticator is the
gatekeeper of the network. It translates and forwards requests and responses between the authentication
server and the supplicant. The authenticator also changes the status of the port based on the results of
the authentication process. The Dell Force10 switch is the authenticator.

Figure 7-1. EAPOL Frame Format

Ethernet frame: Preamble | Start Frame Delimiter | Destination MAC (1:80:c2:00:00:03) | Source MAC (Auth Port MAC) | Ethernet Type (0x888e) | EAPOL Frame | Padding | FCS

EAPOL Frame: Protocol Version (1) | Packet Type | Length | EAP Frame
  Packet Type, range 0-4:
    0: EAP Packet
    1: EAPOL Start
    2: EAPOL Logoff
    3: EAPOL Key
    4: EAPOL Encapsulated-ASF-Alert

EAP Frame: Code (0-4) | ID (Seq Number) | Length | EAP-Method Frame
  Code, range 1-4:
    1: Request
    2: Response
    3: Success
    4: Failure

EAP-Method Frame: EAP-Method Code (0-255) | Length | EAP-Method Data (Supplicant Requested Credentials)
  EAP-Method Code, range 1-255:
    1: Identity
    2: Notification
    3: NAK
    4: MD-5 Challenge
    5: One-Time Challenge
    6: Generic Token Card
