АМАТЕК AN-SGM28P24-400 Руководство по интерфейсу командной строки CLI онлайн [173/322] 598614

172 / 322

Client initiated authentication protocol interaction

When users need to access the network, the client sends the first EAPOL-Start to exchange

requests received after the authentication request authentication, the switch sends the

EAP-Request request user name, the client send EAP-Response, switch EAP information

extracted from the package in the RADIUS package sent to the authentication server, the

authentication server requests the user password, switch to send EAP-Request to the client request

user password the client EAP-Response, echo switch, EAP information is encapsulated in the

RADIUS authentication server to send packets, according to the authentication server

authenticates the user name and password. If the authentication is successful, the authentication

server notifies the switch, the switch sends EAP-Success to the client and the user's logical port is

in the authorized state. When the client receives EAP-Success, the authentication is successful,

and the user can access the network。

When the user no longer needs to use the network, the client sends EAPOL-Logoff to the

switch, and the switch transfers the user's logical port state to an unauthorized state, when the user

can not access the network。

In order to prevent the abnormal client offline, switch provides a mechanism for re

certification, the time interval can be set in the re certification on the switch, when the

authentication time arrives, the switch initiated re certification, if authentication is successful, the

user can continue to use the network, if authentication fails, the user will not use the network.

Protocol interaction as shown below。