1x message exchange packets. When the client is successfully
authenticated, the port changes into the authorized state (as shown in Step 6 of Figure 11-2), thereby allowing
all traffic to flow through.
When a non-802.1x-compliant client connects to an unauthorized port, the switch has no way to assume that
the client does not support 802.1x; hence, it sends the login request asking the client for identity credentials.
Because the client does not support the 802.1x protocol, it is not able to interpret the request packet and does
not respond. Therefore, the switch denies all the packets on that port, and the port remains in the unauthorized
state.
Whereas when a 802.1x-compliant client connects to a port that is not running a 802.1x protocol, the client
keeps sending the EAPoL start packet a few times and, eventually, because there is no response from the
switch, the client begins sending packets assuming that 802.1x authentication is not required and continues
sending the packets as if the port were in authorized state. The switch does not deny or block the access,
because there is no 802.1x protocol running on that port.
Figure 11-3 shows the authentication process when the 802.
Pages:
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533