Packet exchange method: EAP termination
Benefits:
• Works with any RADIUS server that supports PAP or CHAP authentication.
Limitations:
• Supports only the following EAP authentication methods:
  ◦ MD5-Challenge EAP authentication.
  ◦ The username and password EAP authentication initiated by an HPE iNode 802.1X client.
• The processing is complex on the access device.

EAP relay

Figure 33 shows the basic 802.1X authentication procedure in EAP relay mode, assuming that EAP-MD5 is used.

Figure 33 802.1X authentication procedure in EAP relay mode
[Sequence diagram. Participants: Client, Device, Authentication server. The client and the device exchange EAPOL packets; the device and the authentication server exchange EAPOR packets.]
(1) EAPOL-Start [EAPOL]
(2) EAP-Request/Identity [EAPOL]
(3) EAP-Response/Identity [EAPOL]
(4) RADIUS Access-Request (EAP-Response/Identity) [EAPOR]
(5) RADIUS Access-Challenge (EAP-Request/MD5 challenge) [EAPOR]
(6) EAP-Request/MD5 challenge [EAPOL]
(7) EAP-Response/MD5 challenge [EAPOL]
(8) RADIUS Access-Request (EAP-Response/MD5 challenge) [EAPOR]
(9) RADIUS Access-Accept (EAP-Success) [EAPOR]
(10) EAP-Success [EAPOL]
Port authorized
(11) EAP-Request/Identity [EAPOL]
(12) EAP-Response/Identity [EAPOL]
...
(13) EAPOL-Logoff [EAPOL]
Port unauthorized
(14) EAP-Failure [EAPOL]

The following steps describe the 802.1X authentication procedure:
1. When a user launches the 802.1X client and enters a registered username and password, the 802.1X client sends an EAPOL-Start packet to the access device.
2. The access device responds with an Identity EAP-Request packet to ask for the client username.