Our goals
• Gain an initial understanding of 802.1X
• Understand the specific content of the EAPOL protocol

What is 802.1X?
• 802.1X is a method and policy for authenticating users on a per-port basis (the port here can be a real physical port or a logical port such as a VLAN; in a wireless LAN a "port" is a channel).
• Before 802.1X, wired LAN deployments on enterprise networks had no way to control access directly at the port. With 802.1X, if authentication on a port succeeds the port is "opened" and all frames are allowed through; if authentication fails the port stays "closed", and only EAPOL (Extensible Authentication Protocol over LAN) frames are allowed through.
• EAP: Extensible Authentication Protocol.

Components
• Supplicant System, the client (PC or network device): the Client is the device that needs to join the LAN (for example a PC). The client must support the EAPOL protocol and must run 802.1X client software, such as that of Microsoft Windows XP.
• Authenticator System: the Switch (edge switch or wireless access device) is the device that controls physical access according to the client's authentication state; the switch acts as a proxy between the client and the authentication server.

Protocol flow
• The switch and the client communicate using EAPOL; the switch and the authentication server communicate using EAP over RADIUS, or EAP carried over another higher-layer protocol, so that the exchange can cross a complex network to reach the Authentication Server (EAP Relay).
• The switch asks the client for its identity; on receiving it, the switch encapsulates the EAP packet in a RADIUS-format packet and sends it to the authentication server; the return path works the same way. The switch then controls whether the port is usable according to the authentication result.
• Because EAP is quite flexible, beyond the port states defined by the IEEE the Authentication Server can in practice also be used to authenticate and push down further user-related information, such as VLAN, QoS, encryption and authentication keys, and DHCP responses.
• Keeping the session after authentication succeeds: the Authenticator can periodically require the Client to re-authenticate; the interval is configurable.

Port authentication modes
Current devices (switches) offer three port authentication modes:
• ForceAuthorized: the port stays in the authorized state permanently; the switch's Authenticator does not initiate authentication.
• ForceUnauthorized: the port stays in the unauthorized state permanently and ignores all authentication requests initiated by clients.

Motorola Document Classification, Beyond the Four Walls. MOTOROLA and the Stylized M Logo are registered in the US Patent & Trademark Office. All other product or service names are the property of their respective owners. © Motorola, Inc. 2022
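The port rule described above (a closed port passes only EAPOL, an open port passes everything), the identity request the authenticator sends, the configurable re-authentication timer, and the ForceAuthorized/ForceUnauthorized port modes are modelled in the following Python example. It is an added illustration, not code from the Motorola deck or from any switch; the EtherType, EAPOL and EAP field layouts are the standard IEEE 802.1X / RFC 3748 values, the MAC addresses and sample frames are constructed, the RADIUS leg is left out, and the `auto` mode (the standard third port-control value, which the text does not list) is included as an assumption so that the authentication server's verdict has somewhere to land.

```python
import struct

# Standard IEEE 802.1X / RFC 3748 values (not page-specific)
ETHERTYPE_EAPOL = 0x888E
EAPOL_EAP_PACKET, EAPOL_START, EAPOL_LOGOFF = 0, 1, 2
EAP_REQUEST, EAP_RESPONSE, EAP_SUCCESS, EAP_FAILURE = 1, 2, 3, 4
EAP_TYPE_IDENTITY = 1
PAE_GROUP_ADDR = bytes.fromhex("0180c2000003")  # 802.1X PAE group MAC


def build_eap(code, identifier, eap_type=None, data=b""):
    """EAP packet: Code, Identifier, Length, then Type + Type-Data for Request/Response."""
    body = b"" if eap_type is None else bytes([eap_type]) + data
    return struct.pack("!BBH", code, identifier, 4 + len(body)) + body


def build_eapol_frame(dst, src, eapol_type, body=b"", version=2):
    """Ethernet II frame carrying an EAPOL PDU (Version, Type, Length, Body)."""
    header = struct.pack("!HBBH", ETHERTYPE_EAPOL, version, eapol_type, len(body))
    return dst + src + header + body


def parse_frame(frame):
    """Classify a frame as plain Ethernet or EAPOL, decoding EAP fields when present."""
    if len(frame) < 14:
        raise ValueError("Ethernet header truncated")
    ethertype = struct.unpack("!H", frame[12:14])[0]
    info = {"src": frame[6:12], "ethertype": ethertype,
            "is_eapol": ethertype == ETHERTYPE_EAPOL}
    if not info["is_eapol"]:
        return info
    if len(frame) < 18:
        raise ValueError("EAPOL header truncated")
    version, eapol_type, length = struct.unpack("!BBH", frame[14:18])
    body = frame[18:18 + length]
    if len(body) != length:
        raise ValueError("EAPOL body shorter than declared length")
    info.update(eapol_version=version, eapol_type=eapol_type)
    if eapol_type == EAPOL_EAP_PACKET:
        if len(body) < 4:
            raise ValueError("EAP header truncated")
        code, ident, eap_len = struct.unpack("!BBH", body[:4])
        if eap_len < 4 or eap_len > len(body):
            raise ValueError("EAP length field inconsistent")
        info.update(eap_code=code, eap_id=ident)
        if code in (EAP_REQUEST, EAP_RESPONSE) and eap_len >= 5:
            info["eap_type"] = body[4]
            info["eap_data"] = body[5:eap_len]
    return info


class AuthenticatorPort:
    """Per-port 802.1X control on the authenticator (the switch in the slides)."""
    FORCE_AUTHORIZED = "force-authorized"
    FORCE_UNAUTHORIZED = "force-unauthorized"
    AUTO = "auto"  # assumption: standard third mode, not listed in the text

    def __init__(self, control, mac=bytes.fromhex("020000000001"), reauth_period=3600):
        self.control = control
        self.mac = mac                      # constructed authenticator MAC
        self.reauth_period = reauth_period  # configurable re-authentication interval
        self.since_auth = 0
        self.authorized = control == self.FORCE_AUTHORIZED
        self.next_id = 1
        self.sent = []  # EAPOL frames the authenticator would transmit

    def _request_identity(self):
        eap = build_eap(EAP_REQUEST, self.next_id, EAP_TYPE_IDENTITY)
        self.next_id = (self.next_id + 1) % 256
        self.sent.append(build_eapol_frame(PAE_GROUP_ADDR, self.mac, EAPOL_EAP_PACKET, eap))

    def handle_frame(self, frame):
        """Return 'forward', 'drop', or 'to-authenticator' (EAPOL consumed locally)."""
        info = parse_frame(frame)
        if info["is_eapol"]:
            if self.control == self.AUTO:
                if info["eapol_type"] == EAPOL_START:
                    self._request_identity()  # ask the supplicant for its identity
                elif info["eapol_type"] == EAPOL_LOGOFF:
                    self.authorized = False
            # force-* modes never start authentication from a client request
            return "to-authenticator"
        # Non-EAPOL traffic passes only once the port is authorized ("open")
        return "forward" if self.authorized else "drop"

    def on_auth_result(self, success):
        """Apply the authentication server's verdict (only meaningful in auto mode)."""
        if self.control == self.AUTO:
            self.authorized = bool(success)
            self.since_auth = 0

    def tick(self, seconds):
        """Advance the re-authentication timer; re-request identity when it expires."""
        if self.control != self.AUTO or not self.authorized:
            return False
        self.since_auth += seconds
        if self.since_auth >= self.reauth_period:
            self.since_auth = 0
            self._request_identity()
            return True
        return False


# Constructed sample traffic from a supplicant
SUPPLICANT = bytes.fromhex("020000000002")
IP_FRAME = bytes.fromhex("ffffffffffff") + SUPPLICANT + struct.pack("!H", 0x0800) + b"\x45" + b"\x00" * 19
START_FRAME = build_eapol_frame(PAE_GROUP_ADDR, SUPPLICANT, EAPOL_START)
```

Running `AuthenticatorPort(AuthenticatorPort.AUTO).handle_frame(IP_FRAME)` returns `"drop"` until `on_auth_result(True)` has been applied, while an EAPOL-Start on the same port queues an EAP-Request/Identity in `sent`; the ForceUnauthorized port queues nothing and keeps dropping even after a positive verdict, which is the behaviour the slides describe.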