EAPoL Authentication Process
802.1x Client
© Copyright Lenovo 2015
The clients and authenticators communicate using Extensible Authentication
Protocol (EAP), which was originally designed to run over PPP, and for which the
IEEE 802.1X Standard has defined an encapsulation method over Ethernet frames,
called EAP over LAN (EAPOL). Figure
initiated by the client.
Figure 1. Authenticating a Port Using EAPoL
EAPOL
Ethernet
Port Unauthorized
EAPOL-Start
EAP-Request (Credentials)
EAP-Response (Credentials)
EAP-Request (Credentials)
EAP-Response (Credentials)
EAP-Success
1 shows a typical message exchange
IBM Switch
Authenticator
(RADIUS Client)
Radius-Access-Request
Radius-Access-Challenge
Radius-Access-Request
Radius-Access-Accept
Port Authorized
Chapter 7: 802.1X Port-Based Network Access Control
RADIUS
Server
RADIUS-EAP
UDP/IP
91