17
Security: 802.1X Authentication
Overview
Multiple methods can run at the same time. When one method finishes successfully, the client
becomes authorized, the methods with lower priority are stopped and the methods with higher
priority continue.
When one of the authentication methods running simultaneously fails, the other methods
continue.
When an authentication method finishes successfully for a client authenticated by an
authentication method with a lower priority, the attributes of the new authentication method
are applied. When the new method fails, the client is left authorized with the old method.
802.1x-Based Authentication
The 802.1x-based authenticator transparently relays EAP messages between 802.1x supplicants
and authentication servers. The EAP messages between supplicants and the authenticator are
encapsulated in 802.1x messages, and the EAP messages between the authenticator and
authentication servers are encapsulated in RADIUS messages.
This is shown in the following figure:
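Figure 1 802.1x-Based Authentication
[Diagram: Client, Authenticator and Authentication Server. The 802.1x Protocol runs between
the Client and the Authenticator, the RADIUS Protocol runs between the Authenticator and the
Authentication Server, and the EAP Protocol spans all three.]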
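The relay described above, as an added example that is not part of the Cisco guide or the switch firmware: it converts an EAP packet between the two encapsulations the authenticator sits between. The field layouts (4-byte EAPOL header, RADIUS EAP-Message attribute 79 with a 253-byte value limit) are taken from IEEE 802.1X and RFC 3579 rather than from this page, and the function names and sample identity are constructed.

```python
import struct

EAPOL_EAP_PACKET = 0    # IEEE 802.1X packet type 0: body is an EAP packet
EAP_MESSAGE = 79        # RADIUS EAP-Message attribute type (RFC 3579)
MAX_VALUE = 253         # largest value one RADIUS attribute can carry

def eapol_to_eap(frame: bytes) -> bytes:
    """Supplicant side, inbound: strip the EAPOL header (version, type, body length)."""
    if len(frame) < 8:
        raise ValueError("frame too short for EAPOL and EAP headers")
    _version, ptype, body_len = struct.unpack("!BBH", frame[:4])
    if ptype != EAPOL_EAP_PACKET:
        raise ValueError("EAPOL frame does not carry an EAP packet")
    eap_len = struct.unpack("!H", frame[6:8])[0]
    # The EAP length must fit the EAPOL body and the bytes actually received;
    # anything after it is Ethernet padding and is dropped.
    if not 4 <= eap_len <= body_len or 4 + eap_len > len(frame):
        raise ValueError("inconsistent EAPOL/EAP length fields")
    return frame[4:4 + eap_len]

def eap_to_radius(eap: bytes) -> bytes:
    """Server side, outbound: split one EAP packet across EAP-Message attributes."""
    out = bytearray()
    for i in range(0, len(eap), MAX_VALUE):
        chunk = eap[i:i + MAX_VALUE]
        out += bytes([EAP_MESSAGE, len(chunk) + 2]) + chunk
    return bytes(out)

def radius_to_eap(attrs: bytes) -> bytes:
    """Server side, inbound: join EAP-Message attributes in order, skip the rest."""
    eap, i = bytearray(), 0
    while i < len(attrs):
        alen = attrs[i + 1] if i + 1 < len(attrs) else 0
        if alen < 2 or i + alen > len(attrs):
            raise ValueError("malformed RADIUS attribute")
        if attrs[i] == EAP_MESSAGE:
            eap += attrs[i + 2:i + alen]
        i += alen
    return bytes(eap)

def eap_to_eapol(eap: bytes, version: int = 2) -> bytes:
    """Supplicant side, outbound: wrap an EAP packet in an EAPOL header."""
    return struct.pack("!BBH", version, EAPOL_EAP_PACKET, len(eap)) + eap

# Constructed sample: EAP-Response/Identity (code 2, id 1, type 1) for "printer01"
IDENTITY = b"printer01"
SAMPLE_EAP = struct.pack("!BBHB", 2, 1, 5 + len(IDENTITY), 1) + IDENTITY
SAMPLE_FRAME = eap_to_eapol(SAMPLE_EAP) + b"\x00" * 10   # plus Ethernet padding
```

The EAP bytes pass through unchanged in both directions; only the outer framing differs, and an EAP packet longer than 253 bytes is carried in several consecutive EAP-Message attributes.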
MAC-Based Authentication
MAC-based authentication is an alternative to 802.1X authentication that allows network
access to devices (such as printers and IP phones) that do not have the 802.1X supplicant
capability. MAC-based authentication uses the MAC address of the connecting device to grant
or deny network access.
Cisco Sx350, SG350X, SG350XG, Sx550X & SG550XG Series Managed Switches, Firmware Release 2.2.5.x