DES-7200 Configuration Guide Chapter 4 802.1x Configuration
4-1
4 802.1x Configuration
This chapter describes the contents related to the AAA service configurations. The 802.1x is
used to control the authentication over network access of users, and provide authorization and
accounting functions for users.
This chapter includes:
z Overview
z Configuring 802.1x
z Viewing the Configuration and Current Statistics of the 802.1x
z Other Precautions for Configuring 802.1x
Note
For details about usage and descriptions of the CLI commands used in
this section, please refer to Configuring 802.1X command.
4.1 Overview
In an IEEE 802 LAN, users can access the network device without authorization and
authorization as long as they are connected to the network device. Therefore, an unauthorized
user can access the network unobstructed by connecting the LAN. As the wide application of
LAN technology , particularly the appearance of the operating network, it is necessary to
address the safety authentication needs of the network. It has become the focus of concerns in
the industry that how to provide user with the authentication on the legality of network or
device access on the basis of simple and cheap Ethernet technologies. The IEEE 802.1x
protocol is developed under such a context.
As a Port-Based Network Access Control standard, the IEEE802.1x provides LAN access
point-to-point security access. Specially designed by the IEEE Standardization Commission to
tackle the safety defects of Ethernet, this standard can provide a means to authenticate the
devices and users connected to the LAN by utilizing the advantages of IEEE 802 LAN.
The IEEE 802.1x defines a mode based on Client-Server to restrict unauthorized users from
accessing the network. Before a client can access the network, it must first pass the
authentication of the authentication server.
Before the client passes the authentication, only the EAPOL (Extensible Authentication
Protocol over LAN) packets can be transmitted over the network. After successful
authentication, normal data streams can be transmitted over the network.