Huawei Quidway S3100 Series Operation Manual page 207

Operation Manual – 802.1x
Quidway S3100 Series Ethernet Switches
The Data field differs with the Code field.
A Success or Failure packet, whose format is shown in Figure 1-5, does not contain the
Data field, so has the Length field of 4.
Type
Figure 1-5 Data field
In a Success or Failure packet, the Type field specifies the EAP authentication type. A
Type value of 1 indicates Identity and that the packet is used to query the identity of the
peer. A type value of 4 represents MD5-Challenge (similar to PPP CHAP) and indicates
that the packet includes query information.
III. Newly added fields for EAP authentication
Two fields, EAP-message and Message-authenticator, are added to a RADIUS
protocol packet for EAP authentication. (Refer to the Introduction to RADIUS protocol
section in the AAA and RADIUS Operation Manual for format of a RADIUS protocol
packet.)
The EAP-message field, shown in Figure 1-6, is used to encapsulate EAP packets. The
maximum size of the string field is 253 bytes. EAP packets with their size larger than
253 bytes are fragmented and stored in multiple EAP-message fields. The type code of
the EAP-message field is 79.
0 0
Type Type
Figure 1-6 The format of an EAP-message field
The Message-authenticator field, as shown in Figure 1-7, is used to prevent
unauthorized interception of access requesting packets during authentications using
CHAP, EAP, and so on. A packet with the EAP-message field must also have the
Message-authenticator field, otherwise the packet is regarded as invalid and is
discarded.
0
type=80
Figure 1-7 The format of an Message-authenticator fiel
Type Data
s
1 1 2 2
Length Length
EAP packet EAP packet
1 2
length=18
Huawei Technologies Proprietary
1-5
Chapter 1 802.1x Configuration
String String
17
string...
d