When doing 802.1X port authentication, how does the switch know how to reach the authentication server?
So, while I get the supplicant-authenticator-authentication server structure (for the most part), the part that bugs me is the step when the switch starts communicating with the authentication server; the supplicant doesn't know the IP address or the MAC address of the server, and the server is probably on an entirely different network segment so the switch would have to talk to a router and need to know the server's IP---which it doesn't have from the supplicant.
So, how does that work? How does the switch know or discover how to get the authentication traffic to the authentication server?
2 Answers
2
The protocol used between switch and authentication server is called RADIUS.
All assuming that basic routing between switch and server is working and there are no firewalls / access lists between switch and server blocking RADIUS traffic.
The switch (authenticator) needs to be configured for 802.1X. One thing that needs to be configured is the address of the authentication server. It's usually an IP address and often it's routed.
The authenticator couldn't use any information from the supplicant because it can't be trusted without being authenticated (or even after).
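As an added illustration (not part of either answer): the sketch below shows what the authenticator does with the supplicant's EAP identity response. It wraps it in a RADIUS Access-Request (RFC 2865, with the EAP-Message and Message-Authenticator attributes from RFC 3579) and sends it as ordinary unicast UDP to the server address from its own configuration. The server address, shared secret, NAS address and all function names are constructed for this example.

```python
import hashlib
import hmac
import os
import socket
import struct

# Constructed values. On a real switch these are part of its own configuration;
# nothing here is learned from the supplicant.
RADIUS_SERVER = ("192.0.2.10", 1812)  # documentation-range IP, standard auth port
SHARED_SECRET = b"example-shared-secret"
NAS_IP = bytes([198, 51, 100, 2])     # the switch's own address

def attr(code, value):
    """Encode one RADIUS attribute as type, length, value (RFC 2865)."""
    return struct.pack("!BB", code, len(value) + 2) + value

def eap_identity_response(eap_id, identity):
    """EAP-Response/Identity, as received from the supplicant over EAPOL."""
    return struct.pack("!BBHB", 2, eap_id, 5 + len(identity), 1) + identity

def build_access_request(radius_id, eap_packet, identity, authenticator=None):
    """Wrap the supplicant's EAP packet in a RADIUS Access-Request."""
    authenticator = authenticator or os.urandom(16)
    attrs = attr(1, identity) + attr(4, NAS_IP) + attr(79, eap_packet)
    value_at = 20 + len(attrs) + 2   # offset of the Message-Authenticator value
    attrs += attr(80, bytes(16))     # zero-filled placeholder (RFC 3579)
    header = struct.pack("!BBH", 1, radius_id, 20 + len(attrs)) + authenticator
    packet = bytearray(header + attrs)
    digest = hmac.new(SHARED_SECRET, bytes(packet), hashlib.md5).digest()
    packet[value_at:value_at + 16] = digest
    return bytes(packet)

def message_authenticator_ok(packet, secret):
    """Server-side check: recompute the HMAC-MD5 with the value zeroed."""
    pos = 20
    while pos + 2 <= len(packet):
        a_type, a_len = packet[pos], packet[pos + 1]
        if a_len < 2:
            return False
        if a_type == 80:
            zeroed = packet[:pos + 2] + bytes(16) + packet[pos + 18:]
            expected = hmac.new(secret, zeroed, hashlib.md5).digest()
            return hmac.compare_digest(expected, packet[pos + 2:pos + 18])
        pos += a_len
    return False

def send_to_server(packet):
    """Unicast UDP to the configured address; normal IP routing does the rest."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.sendto(packet, RADIUS_SERVER)
```

The shared secret is what lets the server trust the switch: a request whose Message-Authenticator does not verify under the secret configured for that NAS is discarded.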