802.1X Authentication Procedures; Comparing Eap Relay And Eap Termination - HP FlexNetwork 10500 Series Security Configuration Manual
Hide thumbs
Also See for FlexNetwork 10500 Series:
- Configuration manual (512 pages) ,
- Specifications (42 pages) ,
- Datasheet (20 pages)
Table of Contents
Advertisement
802.1X authentication procedures
802.1X authentication has two methods: EAP relay and EAP termination. You choose either mode
depending on support of the RADIUS server for EAP packets and EAP authentication methods.
•
EAP relay mode.
EAP relay is defined in IEEE 802.1X. In this mode, the network device uses EAPOR packets to
send authentication information to the RADIUS server, as shown in
Figure 31 EAP relay
In EAP relay mode, the client must use the same authentication method as the RADIUS server.
On the access device, you only need to use the dot1x authentication-method eap command
to enable EAP relay.
You cannot use EAP relay if the RADIUS server does not support any EAP authentication
method or no RADIUS server is available.
•
EAP termination mode.
As shown in
mode:
a. Terminates the EAP packets received from the client.
b. Encapsulates the client authentication information in standard RADIUS packets.
c. Uses PAP or CHAP to authenticate to the RADIUS server.
Figure 32 EAP termination
Comparing EAP relay and EAP termination
Packet exchange
method
EAP relay
Figure
32, the access device performs the following operations in EAP termination
Benefits
•
Supports various EAP
authentication methods.
•
The configuration and
processing are simple on the
access device.
Limitations
The RADIUS server must support the
EAP-Message and
Message-Authenticator attributes, and
the EAP authentication method used by
the client.
72
Figure
31.
Advertisement
Table of Contents
Troubleshooting
