802[1].1x technology white paper
- 格式:pdf
- 大小:732.00 KB
- 文档页数:30
802.1X Technology White Paper Huawei Technologies Co., Ltd. 802.1X Technology White Paper
Copyright ©2005 Huawei Technologies Co., Ltd. All Rights Reserved. i Table of Contents 1 Overview.........................................................................................................................................1 2 Basic Operating Mechanism of 802.1X.......................................................................................2 2.1 System Architecture..............................................................................................................2 2.1.1 Port PAE.....................................................................................................................3 2.1.2 Controlled Port...........................................................................................................3 2.1.3 Controlled Direction....................................................................................................4 2.2 Operating Mechanism...........................................................................................................4 2.3 Authentication Procedure.....................................................................................................5
3 Characteristics of Huawei’s 802.1X.............................................................................................5 3.1 Authentication Trigger...........................................................................................................6 3.1.1 Standard EAP Trigger................................................................................................6 3.1.2 DHCP Trigger.............................................................................................................6 3.1.3 Proprietary Trigger of Huawei....................................................................................6 3.1.4 Trigger by the Supplicant’s Static IP Address............................................................7 3.2 Authentication Mode.............................................................................................................7 3.2.1 PAP............................................................................................................................7 3.2.2 CHAP.........................................................................................................................7 3.2.3 EAP............................................................................................................................8 3.3 Authentication Server.........................................................................................................11 3.3.1 EAP Termination Mode............................................................................................11 3.3.2 EAP Relay Mode......................................................................................................12 3.3.3 Built-in Authentication Server...................................................................................13 3.4 Security Management and Service Control........................................................................13 3.4.1 MAC-based User Feature Identification...................................................................13 3.4.2 User Feature Binding...............................................................................................13 3.4.3 Supplicant Version Detection...................................................................................14 3.4.4 Transparent Transmission of Messages..................................................................15 3.4.5 Dynamic User Binding..............................................................................................15 3.4.6 Guest VLAN.............................................................................................................16 3.4.7 Re-authentication.....................................................................................................16 3.4.8 Proxy Detection........................................................................................................17 3.4.9 IP Address Management..........................................................................................19 3.4.10 Port-based User Capacity Limit.............................................................................20 3.4.11 Trunk Port Authentication.......................................................................................20 3.4.12 User Service Sending............................................................................................21 3.4.13 Unique Handshake Mechanism.............................................................................22