The switch port state determines whether the client is granted access to the network. The
port starts in the unauthorized state. While in this state, the port disallows all ingress and
egress traf?¬?c except for 802.1X protocol packets. When a client is successfully
authenticated, the port transitions to the authorized state, allowing all traf?¬?c for the client
to ?¬‚ow normally.
If the switch requests the client identity (authenticator initiation) and the client does not
support 802.1X, the port remains in the unauthorized state, and the client is not granted
access to the network.
When an 802.1X-enabled client connects to a port and initiates the authentication process
(supplicant initiation) by sending an EAPOL-start frame to a switch that is not running
802.1X, and no response is received, the client begins sending frames as if the port is in the
authorized state.
If the client is successfully authenticated (receives an Accept frame from the authentication
server), the port state changes to authorized, and all frames from the authenticated client
are allowed through the port.
If the authentication fails, the port remains in the unauthorized state, but authentication can
be retried.
Pages:
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136