6.
If the identity information provided by the supplicant is valid, the authentication server sends an Access-Accept frame in which
network privileges are specified. The authenticator changes the port state to authorized and forwards an EAP Success frame.
If the identity information is invalid, the server sends an Access-Reject frame. If the port state remains unauthorized, the
authenticator forwards an EAP Failure frame.
Figure 9. EAP Port-Authentication
EAP over RADIUS
802.1X uses RADIUS to shuttle EAP packets between the authenticator and the authentication server, as defined in RFC 3579.
EAP messages are encapsulated in RADIUS packets as a type of attribute in Type, Length, Value (TLV) format. The Type value for
EAP messages is 79.
Figure 10. EAP Over RADIUS
95
802.1X