Documente Academic
Documente Profesional
Documente Cultură
Learning Targets
Authentication, Authorization & Accounting
Password Management
User Accounts
Brute Force Attack
Securing the Network
Client/Server Model
EAPoL Exchange
Security Server
Port Security
Static MAC address-based authentication
IEEE 802.1x Authentication
IEEE 802.1x and MAC address based Authentication
Note: Failed logins must happen within 10 minutes of each other to be considered malicious
behavior.
The Supplicant and the Authenticator begin the conversation by negotiating the use of EAP. Once EAP is
negotiated, the Authenticator sends an EAP-Request/Identity message to the Supplicant. The Supplicant
supplies the EAP-Response/Identity message indicating to the Authenticator that it should proceed with
authentication.
The Authenticator acts as a pass-through and encapsulates the EAP-Response within an EAP-message
attribute sent to the Authentication Server (RADIUS Server) within a RADIUS Access-Request message.
The authentication process at this stage is completed and the port state changes to Authorized. The port
state changes to Unauthorized when the link state on the port changes from UP to DOWN, or, the
Authenticator receives an EAPOL-Logoff message.