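Implementation of the Supplicant in the IEEE 802.1x Protocol --- Chinese Military Computer Science and Technology Research, Part 2
[This post was last edited by 林川 on 2004/09/23 04:52am, edit no. 1]
Excerpted from 《兵工自动化》 (Ordnance Industry Automation)
Authors: 刘少兵1, 麦永浩2, 周德新1
Affiliations: (1. Department of Computer Science, Guilin Institute of Electronic Technology, Guilin, Guangxi 541004; 2. Department of Law, Wuhan University, Wuhan, Hubei 430072)
Abstract: The port-based IEEE 802.1x access control protocol consists of three parts: the supplicant, the authenticator and the authentication server. 802.1x is deployed on a LAN switch, and only 802.1x EAPOL control frames are allowed in and out. The client submits a network access request to the target machine, and the state machine entry function and state transition function carry out the transitions between supplicant states. The target machine carries the client's identity as an EAP message inside a Radius-format message and sends it to the authentication server for 802.1x authentication; once the client's identity has been verified, the switch is told whether to allow the client to access the LAN and the services the switch provides.
English title: Implementation of Supplicant in IEEE 802.1X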
Abstract: The port-based IEEE 802.1x network access control protocol consists of a supplicant, an authenticator and an authentication server. The 802.1x protocol is deployed on a LAN switch, and only 802.1x EAPOL control frames are allowed in and out. The client (supplicant) submits a request to join the network to the target server; state transitions of the supplicant are carried out by inteapol-pae-do-state(void) and inteapol-pae-transition-state (void). The target server places the client's identity, as an EAP message, in a Radius-format message and sends it to the authentication server for 802.1x authentication. After the client's identity is verified, the switch (authenticator) is informed whether to allow the client to access the LAN and the services the switch provides.
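
A simplified sketch of the supplicant state machine the abstract describes, split into an entry function and a transition function. This is an added example, not the paper's code: the state names follow IEEE 802.1X-2001, while `supp_enter`, `supp_transition`, the struct fields and the single `timeout` flag standing in for the per-state timers are assumptions made for illustration.

```c
#include <stdbool.h>

/* Supplicant PAE states named as in IEEE 802.1X-2001 (LOGOFF omitted). */
typedef enum { DISCONNECTED, CONNECTING, ACQUIRED, AUTHENTICATING,
               HELD, AUTHENTICATED } supp_state;
typedef struct {
    supp_state state;
    bool authorized;              /* controlled-port status */
    bool req_id, req_auth;        /* EAP-Request/Identity, other EAP-Request */
    bool eap_success, eap_fail;   /* EAP-Success, EAP-Failure received */
    bool timeout;                 /* assumption: current state's timer ran out */
    int start_count, max_start;   /* EAPOL-Start attempts and their limit */
    int tx_start, tx_rsp_id, tx_rsp_auth; /* counters standing in for frame TX */
} supp;

/* Entry function (hypothetical name): actions run once on entering a state. */
void supp_enter(supp *s, supp_state next) {
    s->state = next;
    switch (next) {
    case DISCONNECTED:   s->start_count = 0; s->authorized = false; break;
    case CONNECTING:     s->start_count++; s->tx_start++; break;  /* EAPOL-Start */
    case ACQUIRED:       s->start_count = 0; s->tx_rsp_id++; break;
    case AUTHENTICATING: s->tx_rsp_auth++; break;
    case HELD:           s->authorized = false; break;
    case AUTHENTICATED:  s->authorized = true; break;
    }
    /* Simplification: every pending event is consumed on entry. */
    s->req_id = s->req_auth = s->eap_success = s->eap_fail = s->timeout = false;
}

/* Transition function (hypothetical name): true if a state was entered. */
bool supp_transition(supp *s) {
    supp_state st = s->state, next;
    if (s->eap_fail)                next = HELD;
    else if (s->eap_success)        next = AUTHENTICATED;
    else if (st == DISCONNECTED)    next = CONNECTING;
    else if (s->req_id)             next = ACQUIRED;
    else if (s->req_auth && (st == ACQUIRED || st == AUTHENTICATING)) next = AUTHENTICATING;
    else if (s->timeout && st == CONNECTING)  /* retry limit hit: no authenticator assumed */
        next = s->start_count < s->max_start ? CONNECTING : AUTHENTICATED;
    else if (s->timeout && st != AUTHENTICATED) next = CONNECTING;
    else return false;
    supp_enter(s, next);
    return true;
}

int main(void) {  /* power-up path: DISCONNECTED, then CONNECTING sends EAPOL-Start */
    supp s = { .max_start = 3 }; supp_enter(&s, DISCONNECTED);
    return (supp_transition(&s) && s.state == CONNECTING && s.tx_start == 1) ? 0 : 1;
}
```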