When doing 802.1X port authentication, how does the switch know how to reach the authentication server?
So, while I get the supplicant-authenticator-authentication server structure (for the most part), the part that bugs me is the step when the switch starts communicating with the authentication server; the supplicant doesn't know the IP address or the MAC address of the server, and the server is probably on an entirely different network segment so the switch would have to talk to a router and need to know the server's IP---which it doesn't have from the supplicant.
So, how does that work? How does the switch know or discover how to get the authentication traffic to the authentication server?
routing switch ieee-802.1x
asked 1 hour ago
Xovvo
2 Answers
The protocol used between switch and authentication server is called RADIUS.
- The server address (or server addresses) have to be configured on the switch (manually)
- The switch must be configured as a "client" on the RADIUS server and both need the same shared secret in order to communicate with each other
All assuming that basic routing between switch and server is working and there are no firewalls / access lists between switch and server blocking RADIUS traffic.
edited 44 mins ago
jonathanjo
answered 57 mins ago
Jens Link
The switch (authenticator) needs to be configured for 802.1X. One thing that needs to be configured is the address of the authentication server. It's usually an IP address and often it's routed.
The authenticator couldn't use any information from the supplicant because it can't be trusted without being authenticated (or even after).
answered 56 mins ago
Zac67
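What the two configuration items in the answers above do on the wire, as an added example (not code from either answer): the switch sends RADIUS over UDP to the server address configured on it, and the server looks up the sender in its client list and checks the packet with that client's shared secret. The addresses, secret and function names are constructed for illustration; the Message-Authenticator check follows RFC 3579 and goes beyond what the answers spell out.

```python
import hashlib, hmac, os, struct

# Constructed sample values (documentation address ranges), not from the page.
RADIUS_SERVER = ("192.0.2.10", 1812)       # configured by hand on the switch
SWITCH_IP = "198.51.100.2"                 # switch management address
SECRET = b"example-shared-secret"
SERVER_CLIENTS = {SWITCH_IP: SECRET}       # server-side list of allowed clients

USER_NAME, EAP_MESSAGE, MESSAGE_AUTHENTICATOR = 1, 79, 80

def attr(attr_type, value):
    return struct.pack("!BB", attr_type, len(value) + 2) + value

def build_access_request(secret, identity, pkt_id=1):
    """Switch side: wrap the supplicant's EAP identity in an Access-Request."""
    eap = struct.pack("!BBHB", 2, pkt_id, 5 + len(identity), 1) + identity
    attrs = (attr(USER_NAME, identity) + attr(EAP_MESSAGE, eap)
             + attr(MESSAGE_AUTHENTICATOR, bytes(16)))   # zeroed placeholder
    packet = struct.pack("!BBH", 1, pkt_id, 20 + len(attrs)) + os.urandom(16) + attrs
    # RFC 3579: HMAC-MD5 over the whole packet, keyed with the shared secret.
    return packet[:-16] + hmac.new(secret, packet, hashlib.md5).digest()

def server_check(src_ip, packet):
    """Server side: find the client by source IP, then verify with its secret."""
    secret = SERVER_CLIENTS.get(src_ip)
    if secret is None:
        return "dropped: unknown client"
    if len(packet) < 20 or struct.unpack("!H", packet[2:4])[0] != len(packet):
        return "dropped: bad length"
    pos, length = 20, len(packet)
    while pos + 2 <= length:
        attr_type, attr_len = packet[pos], packet[pos + 1]
        if attr_len < 2 or pos + attr_len > length:
            return "dropped: malformed attribute"
        if attr_type == MESSAGE_AUTHENTICATOR and attr_len == 18:
            zeroed = packet[:pos + 2] + bytes(16) + packet[pos + 18:]
            expected = hmac.new(secret, zeroed, hashlib.md5).digest()
            if hmac.compare_digest(expected, packet[pos + 2:pos + 18]):
                return "accepted for processing"
            return "dropped: secret mismatch"
        pos += attr_len
    return "dropped: no Message-Authenticator"

if __name__ == "__main__":
    print("switch sends UDP to", RADIUS_SERVER)
    good = build_access_request(SECRET, b"alice")
    print(server_check(SWITCH_IP, good))
    print(server_check("203.0.113.9", good))
    print(server_check(SWITCH_IP, build_access_request(b"wrong", b"alice")))
```

Nothing in the packet comes from the supplicant except the EAP payload; the destination and the key are both taken from the switch's own configuration.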