Eap Relay - HP 5920 Series Configuration Manual
Hide thumbs
Also See for 5920 Series:
- Command reference manual (607 pages) ,
- Configuration manual (424 pages) ,
- Fc and fcoe configuration manual (257 pages)
Table of Contents
Advertisement
Packet exchange method
EAP relay
EAP termination
EAP relay
Figure 29
shows the basic 802.1X authentication procedure in EAP relay mode, assuming that EAP-MD5
is used.
Figure 29 802.1X authentication procedure in EAP relay mode
Client
(2) EAP-Request/Identity
(3) EAP-Response/Identity
(6) EAP-Request/MD5 challenge
(7) EAP-Response/MD5 challenge
(11) EAP-Request/Identity
(12) EAP-Response/Identity
When a user launches the 802.1X client software and enters a registered username and password,
1.
the 802.1X client software sends an EAPOL-Start packet to the network access device.
Benefits
•
Supports various EAP
authentication methods.
•
The configuration and
processing is simple on the
network access device.
Works with any RADIUS server that
supports PAP or CHAP
authentication.
Device
EAPOL
(1) EAPOL-Start
(10) EAP-Success
Port authorized
...
(13) EAPOL-Logoff
Port unauthorized
(14) EAP-Failure
Limitations
The RADIUS server must support the
EAP-Message and
Message-Authenticator attributes, and
the EAP authentication method used by
the client.
•
•
EAPOR
(4) RADIUS Access-Request
(EAP-Response/Identity)
(5) RADIUS Access-Challenge
(EAP-Request/MD5 challenge)
(8) RADIUS Access-Request
(EAP-Response/MD5 challenge)
(9) RADIUS Access-Accept
(EAP-Success)
62
Supports only MD5-Challenge EAP
authentication and the "username +
password" EAP authentication
initiated by an HP iNode 802.1X
client.
The processing is complex on the
network access device.
Authentication server
Advertisement
Table of Contents
Troubleshooting
