Table of Contents
Advertisement
Operation Manual – 802.1x
Quidway S3100 Series Ethernet Switches
Supplicant
Supplicant
Supplicant
Supplicant
Supplicant
Supplicant
Supplicant
Supplicant
Supplicant
Supplicant
Supplicant
Supplicant
Supplicant
Supplicant
Supplicant
system
system
system
system
system
system
system
system
system
system
system
system
system
system
system
Figure 1-8 802.1x authentication procedure (in EAP relay mode)
The detailed procedure is as follows.
A supplicant system launches an 802.1x client to initiate an access request
through the sending of an EAPoL-start packet to the switch, with its user name and
password provided. The 802.1x client program then forwards the packet to the
switch to start the authentication process.
Upon receiving the authentication request packet, the switch sends an
EAP-request/identity packet to ask the 802.1x client for the user name.
The 802.1x program responds by sending an EAP-response/identity packet to the
switch with the user name included. The switch then encapsulates the packet in a
RADIUS Access-Request packet and forwards it to the RADIUS server.
Upon receiving the user name from the switch, the RADIUS server retrieves the
user name, finds the corresponding password by matching the user name in its
database, encrypts the password using a randomly-generated key, and sends the
key to the switch through an RADIUS access-challenge packet. The switch then
sends the key to the 802.1x client.
EAPoL
EAPoL
EAPoL
EAPoL -Start
EAPoL -Start
EAPoL -Start
-Start
-Start
-Start
-Start
-Start
-Start
-Start
-Start
-Start
-Start
-Start
-Start
EAP-Request/Identity
EAP-Request/Identity
EAP-Request/Identity
EAP-Request/Identity
EAP-Request/Identity
EAP-Request/Identity
EAP-Request/Identity
EAP-Request/Identity
EAP-Request/Identity
EAP-Request/Identity
EAP-Request/Identity
EAP-Request/Identity
EAP-Request/Identity
EAP-Request/Identity
EAP-Request/Identity
EAP-Response/Identity
EAP-Response/Identity
EAP-Response/Identity
EAP-Response/Identity
EAP-Response/Identity
EAP-Response/Identity
EAP-Response/Identity
EAP-Response/Identity
EAP-Response/Identity
EAP-Response/Identity
EAP-Response/Identity
EAP-Response/Identity
EAP-Response/Identity
EAP-Response/Identity
EAP-Response/Identity
EAP-Request/MD5 Challenge
EAP-Request/MD5 Challenge
EAP-Request/MD5 Challenge
EAP-Request/MD5 Challenge
EAP-Request/MD5 Challenge
EAP-Request/MD5 Challenge
EAP-Request/MD5 Challenge
EAP-Request/MD5 Challenge
EAP-Request/MD5 Challenge
EAP-Request/MD5 Challenge
EAP-Request/MD5 Challenge
EAP-Request/MD5 Challenge
EAP-Request/MD5 Challenge
EAP-Request/MD5 Challenge
EAP-Request/MD5 Challenge
EAP-Response/MD5 Challenge
EAP-Response/MD5 Challenge
EAP-Response/MD5 Challenge
EAP-Response/MD5 Challenge
EAP-Response/MD5 Challenge
EAP-Response/MD5 Challenge
EAP-Response/MD5 Challenge
EAP-Response/MD5 Challenge
EAP-Response/MD5 Challenge
EAP-Response/MD5 Challenge
EAP-Response/MD5 Challenge
EAP-Response/MD5 Challenge
EAP-Response/MD5 Challenge
EAP-Response/MD5 Challenge
EAP-Response/MD5 Challenge
EAP-Success
EAP-Success
EAP-Success
EAP-Success
EAP-Success
EAP-Success
EAP-Success
EAP-Success
EAP-Success
EAP-Success
EAP-Success
EAP-Success
EAP-Success
EAP-Success
EAP-Success
Handshake requesting packet
Handshake requesting packet
Handshake requesting packet
Handshake requesting packet
Handshake requesting packet
Handshake requesting packet
Handshake requesting packet
Handshake requesting packet
Handshake requesting packet
Handshake requesting packet
Handshake requesting packet
Handshake requesting packet
Handshake requesting packet
Handshake requesting packet
Handshake requesting packet
[EAP-Request/Identity]
[EAP-Request/Identity]
[EAP-Request/Identity]
[EAP-Request/Identity]
[EAP-Request/Identity]
[EAP-Request/Identity]
[EAP-Request/Identity]
[EAP-Request/Identity]
[EAP-Request/Identity]
[EAP-Request/Identity]
[EAP-Request/Identity]
[EAP-Request/Identity]
[EAP-Request/Identity]
[EAP-Request/Identity]
[EAP-Request/Identity]
Handshake response packet
Handshake response packet
Handshake response packet
Handshake response packet
Handshake response packet
Handshake response packet
Handshake response packet
Handshake response packet
Handshake response packet
Handshake response packet
Handshake response packet
Handshake response packet
Handshake response packet
Handshake response packet
Handshake response packet
[EAP-Response/Identity]
[EAP-Response/Identity]
[EAP-Response/Identity]
[EAP-Response/Identity]
[EAP-Response/Identity]
[EAP-Response/Identity]
[EAP-Response/Identity]
[EAP-Response/Identity]
[EAP-Response/Identity]
[EAP-Response/Identity]
[EAP-Response/Identity]
[EAP-Response/Identity]
[EAP-Response/Identity]
[EAP-Response/Identity]
[EAP-Response/Identity]
......
......
......
......
......
......
......
......
......
......
......
......
......
......
......
EAPoL-Logoff
EAPoL-Logoff
EAPoL-Logoff
-Logoff
-Logoff
-Logoff
-Logoff
-Logoff
-Logoff
-Logoff
-Logoff
-Logoff
-Logoff
-Logoff
-Logoff
Huawei Technologies Proprietary
EAPoR
EAPoR
EAPoR
Sw itch
Sw itch
Sw itch
Sw itch
Sw itch
Sw itch
Sw itch
Sw itch
Sw itch
Sw itch
Sw itch
Sw itch
Sw itch
Sw itch
Sw itch
RADIUS Access-Requ
RADIUS Access-Requ
RADIUS Access-Requ
RADIUS Access-Requ
RADIUS Access-Requ
RADIUS Access-Requ
RADIUS Access-Requ
RADIUS Access-Requ
RADIUS Access-Requ
RADIUS Access-Requ
RADIUS Access-Requ
RADIUS Access-Requ
RADIUS Access-Requ
RADIUS Access-Requ
RADIUS Access-Requ
(EAP-Response/Identi
(EAP-Response/Identi
(EAP-Response/Identi
(EAP-Response/Identi
(EAP-Response/Identi
(EAP-Response/Identi
(EAP-Response/Identi
(EAP-Response/Identi
(EAP-Response/Identi
(EAP-Response/Identi
(EAP-Response/Identi
(EAP-Response/Identi
(EAP-Response/Identi
(EAP-Response/Identi
(EAP-Response/Identi
RADIUS Access-Challen
RADIUS Access-Challen
RADIUS Access-Challen
RADIUS Access-Challen
RADIUS Access-Challen
RADIUS Access-Challen
RADIUS Access-Challen
RADIUS Access-Challen
RADIUS Access-Challen
RADIUS Access-Challen
RADIUS Access-Challen
RADIUS Access-Challen
RADIUS Access-Challen
RADIUS Access-Challen
RADIUS Access-Challen
(EAP-Request/MD5 Chall
(EAP-Request/MD5 Chall
(EAP-Request/MD5 Chall
(EAP-Request/MD5 Chall
(EAP-Request/MD5 Chall
(EAP-Request/MD5 Chall
(EAP-Request/MD5 Chall
(EAP-Request/MD5 Chall
(EAP-Request/MD5 Chall
(EAP-Request/MD5 Chall
(EAP-Request/MD5 Chall
(EAP-Request/MD5 Chall
(EAP-Request/MD5 Chall
(EAP-Request/MD5 Chall
(EAP-Request/MD5 Chall
RADIUS Access-Reques
RADIUS Access-Reques
RADIUS Access-Reques
RADIUS Access-Reques
RADIUS Access-Reques
RADIUS Access-Reques
RADIUS Access-Reques
RADIUS Access-Reques
RADIUS Access-Reques
RADIUS Access-Reques
RADIUS Access-Reques
RADIUS Access-Reques
RADIUS Access-Reques
RADIUS Access-Reques
RADIUS Access-Reques
(EAP-Response/MD5 Challe
(EAP-Response/MD5 Challe
(EAP-Response/MD5 Challe
(EAP-Response/MD5 Challe
(EAP-Response/MD5 Challe
(EAP-Response/MD5 Challe
(EAP-Response/MD5 Challe
(EAP-Response/MD5 Challe
(EAP-Response/MD5 Challe
(EAP-Response/MD5 Challe
(EAP-Response/MD5 Challe
(EAP-Response/MD5 Challe
(EAP-Response/MD5 Challe
(EAP-Response/MD5 Challe
(EAP-Response/MD5 Challe
RADIUS Access-Acce
RADIUS Access-Acce
RADIUS Access-Acce
RADIUS Access-Acce
RADIUS Access-Acce
RADIUS Access-Acce
RADIUS Access-Acce
RADIUS Access-Acce
RADIUS Access-Acce
RADIUS Access-Acce
RADIUS Access-Acce
RADIUS Access-Acce
RADIUS Access-Acce
RADIUS Access-Acce
RADIUS Access-Acce
(EAP-Success)
(EAP-Success)
(EAP-Success)
(EAP-Success)
(EAP-Success)
(EAP-Success)
(EAP-Success)
(EAP-Success)
(EAP-Success)
(EAP-Success)
(EAP-Success)
(EAP-Success)
(EAP-Success)
(EAP-Success)
(EAP-Success)
Port authorized
Port authorized
Port authorized
Port authorized
Port accepted
Port authorized
Port authorized
Port authorized
Port accepted
Port authorized
Port authorized
Port authorized
Port accepted
Port accepted
Port authorized
Handshake timer time out
Handshake timer time out
Handshake timer time out
Handshake timer time o
Handshake timer time o
Handshake timer time out
Handshake timer time out
Handshake timer time out
Handshake timer time o
Handshake timer time out
Handshake timer time out
Handshake timer time out
Handshake timer time o
Handshake timer time out
Handshake timer time out
Port rejected
Port rejected
Port rejected
Port rejected
1-7
Chapter 1 802.1x Configuration
RADIUS server
RADIUS server
RADIUS server
RADIUS server
RADIUS server
RADIUS server
RADIUS server
RADIUS server
RADIUS server
RADIUS server
RADIUS server
RADIUS server
RADIUS server
RADIUS server
RADIUS server
est
est
est
est
est
est
est
est
est
est
est
est
est
est
est
ty)
ty)
ty)
ty)
ty)
ty)
ty)
ty)
ty)
ty)
ty)
ty)
ty)
ty)
ty)
ge
ge
ge
ge
ge
ge
ge
ge
ge
ge
ge
ge
ge
ge
ge
enge)
enge)
enge)
enge)
enge)
enge)
enge)
enge)
enge)
enge)
enge)
enge)
enge)
enge)
enge)
t
t
t
t
t
t
t
t
t
t
t
t
t
t
t
nge)
nge)
nge)
nge)
nge)
nge)
nge)
nge)
nge)
nge)
nge)
nge)
nge)
nge)
nge)
pt
pt
pt
pt
pt
pt
pt
pt
pt
pt
pt
pt
pt
pt
pt
Hide quick links:
Advertisement
Chapters
Table of Contents
Troubleshooting
