The authentication server has a database of client MAC addresses that are allowed to access the network.
After detecting a client on an 802.1X port, the authenticator waits for an Ethernet frame from the client.
The authenticator sends an Access-Request message using the MAC address of the endpoint as both the username and the password to the RADIUS server.
The RADIUS server can then compare the MAC address against entries in its policy database to make authorization decisions.
If an EAPOL packet is detected on the interface during the lifetime of the link, the authenticator determines that the device connected to that interface is an 802.1X-capable supplicant and uses 802.1X authentication (not MAB) to authorize the interface
- A method to allow exemptions from 802.1X authentication
- Certain MAC addresses skip the regular authentication process
- MAC address sent in RADIUS Access-Request message
- Exempted MAC addresses defined as endpoints on the server
No comments:
Post a Comment