ZyXEL Communications Prestige 320W Support Notes page 41

P320W Support Notes
The EAP protocol can support multiple authentication mechanisms, such as MD5-challenge, One-Time
Passwords, Generic Token Card, TLS and TTLS etc. Typically, the authenticator will send an initial
Identity Request followed by one or more Requests for authentication information. When supplicant
receive the EAP request, it will reply associated EAP response. So far, ZyXEL Wireless AP only supports
MD-5 challenge authentication mechanism, but will support TLS and TTLS in the future.
EAPOL Exchange between 802.1x Authenticator and Supplicant
The authenticator or the supplicant can initiate authentication. If you enable 802.1x authentication on the
Wireless AP, the authenticator must initiate authentication when it determines that the Wireless link state
transitions from down to up. It then sends an EAP-request/identity frame to the 802.1x client to request its
identity (typically, the authenticator sends an initial identity/request frame followed by one or more
requests for authentication information). Upon receipt of the frame, the supplicant responds with an
EAP-response/identity frame.
However, if during bootup, the supplicant does not receive an EAP-request/identity frame from the
Wireless AP, the client can initiate authentication by sending an EAPOL-Start frame, which prompts the
switch to request the supplicant's identity. In above case, authenticator co-locate with authentication
server. When the supplicant supplies its identity, the authenticator directly exchanges EAPOL to the
supplicant until authentication succeeds or fails. If the authentication succeeds, the port becomes
authorized. If the authentication fails, the port becomes unauthorized. When the supplicant does not need
Wireless access any more, it sends EAPOL-Logoff packet to terminate its 802.1x session, the port state
will become unauthorized. The following figure shows the EAPOL exchange ping-pong chart.
41
All contents copyright (c) 2005 ZyXEL Communications Corporation.