ZyXEL Communications G-3000H Bedienungsanleitung PDF herunterladen (Seite 84)

IEEE 802.1x Access Control

EAPOL Exchange between 802.1x Authenticator and Supplicant

The authenticator or the supplicant can initiate authentication. If you enable 802.1x authentication on the Wireless AP, the authenticator must initiate authentication

when it determines that the Wireless link state transitions from down to up. It then sends an EAP-request/identity frame to the 802.1x client to request its identity

(typically, the authenticator sends an initial identity/request frame followed by one or more requests for authentication information). Upon receipt of the frame, the

supplicant responds with an EAP-response/identity frame.

However, if during bootup, the supplicant does not receive an EAP-request/identity frame from the Wireless AP, the client can initiate authentication by sending an

EAPOL-Start frame, which prompts the switch to request the supplicant’s identity. In above case, authenticator co-locate with authentication server. When the

supplicant supplies its identity, the authenticator directly exchanges EAPOL to the supplicant until authentication succeeds or fails. If the authentication succeeds,

the port becomes authorized. If the authentication fails, the port becomes unauthorized. When the supplicant does not need Wireless access any more, it sends

EAPOL-Logoff packet to terminate its 802.1x session, the port state will become unauthorized. The following figure shows the EAPOL exchange ping-pong chart.

file:///D|/work%20info/Support%20Note/ZyAIR_G3000H/app/8021x.htm (5 of 27)2005/7/15 下午 02:14:56