Authentication Procedure; EAP Relay - HP A6600 Configuration Manual

Authentication procedure

The 802.1X authentication procedure varies with the way the network access device handles EAP
messages.

EAP relay

EAP relay is defined in IEEE 802.1X. In this mode, EAP packets are carried in an upper layer protocol
such as RADIUS so that they can go through complex networks to reach the authentication server. EAP
relay requires that the RADIUS server support the EAP-Message and Message-Authenticator attributes.
Figure 34 shows the EAP packet exchange procedure with EAP-MD5.

Figure 34 802.1X authentication procedure in EAP relay mode

[Figure: message sequence among Client, Device, and Server. The Client and Device exchange EAPOL packets; the Device and Server exchange EAPOR packets.]
(1) EAPOL-Start (EAPOL)
(2) EAP-Request/Identity (EAPOL)
(3) EAP-Response/Identity (EAPOL)
(4) RADIUS Access-Request (EAP-Response/Identity) (EAPOR)
(5) RADIUS Access-Challenge (EAP-Request/MD5 challenge) (EAPOR)
(6) EAP-Request/MD5 challenge (EAPOL)
(7) EAP-Response/MD5 challenge (EAPOL)
(8) RADIUS Access-Request (EAP-Response/MD5 challenge) (EAPOR)
(9) RADIUS Access-Accept (EAP-Success) (EAPOR)
(10) EAP-Success (EAPOL)
(11) Handshake request (EAP-Request/Identity) (EAPOL)
(12) Handshake response (EAP-Response/Identity) (EAPOL)
(13) EAPOL-Logoff (EAPOL)
Also shown in the figure: Port authorized, Handshake timer, Port unauthorized.

1. When a user launches the 802.1X client software and enters a registered username and password, the 802.1X client software generates an EAPOL-Start packet and sends it to the device to initiate an authentication process.
2. Upon receiving the EAPOL-Start packet, the device responds with an EAP-Request/Identity packet for the username of the client.
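The device-to-server leg of the relay, message (4) in Figure 34, as an added example that is not taken from the HP manual: it wraps an EAP-Response/Identity in RADIUS EAP-Message attributes, signs the packet with Message-Authenticator (HMAC-MD5 over the whole packet, as defined in RFC 3579), and shows the server-side check that rejects unsigned or altered requests. The function names and every value passed to them are constructed for illustration.

```python
import hashlib
import hmac
import os
import struct

ACCESS_REQUEST = 1                                         # RADIUS packet code
USER_NAME, EAP_MESSAGE, MESSAGE_AUTHENTICATOR = 1, 79, 80  # RADIUS attribute types
EAP_RESPONSE, EAP_TYPE_IDENTITY = 2, 1                     # EAP code and EAP type

def attr(atype, value):
    return struct.pack("!BB", atype, len(value) + 2) + value

def eap_response_identity(eap_id, identity):
    body = bytes([EAP_TYPE_IDENTITY]) + identity
    return struct.pack("!BBH", EAP_RESPONSE, eap_id, 4 + len(body)) + body

def build_access_request(radius_id, secret, identity, eap_packet):
    """Device side: wrap an EAP packet in a signed RADIUS Access-Request."""
    attrs = attr(USER_NAME, identity)
    for i in range(0, len(eap_packet), 253):   # one attribute carries at most 253 octets
        attrs += attr(EAP_MESSAGE, eap_packet[i:i + 253])
    ma_at = 20 + len(attrs) + 2                # offset of the Message-Authenticator value
    attrs += attr(MESSAGE_AUTHENTICATOR, bytes(16))  # zero-filled while the HMAC is computed
    pkt = bytearray(struct.pack("!BBH", ACCESS_REQUEST, radius_id, 20 + len(attrs))
                    + os.urandom(16) + attrs)  # 16-octet Request Authenticator
    pkt[ma_at:ma_at + 16] = hmac.new(secret, bytes(pkt), hashlib.md5).digest()
    return bytes(pkt)

def verify_access_request(pkt, secret):
    """Server side: return the reassembled EAP packet or raise ValueError."""
    length = struct.unpack("!H", pkt[2:4])[0] if len(pkt) >= 20 else 0
    if not 20 <= length <= len(pkt):
        raise ValueError("bad RADIUS length")
    pkt, eap, ma_at, pos = pkt[:length], b"", None, 20
    while pos < len(pkt):
        if pos + 2 > len(pkt) or pkt[pos + 1] < 2 or pos + pkt[pos + 1] > len(pkt):
            raise ValueError("malformed attribute")
        atype, value = pkt[pos], pkt[pos + 2:pos + pkt[pos + 1]]
        if atype == EAP_MESSAGE:
            eap += value                       # fragments are concatenated in order
        elif atype == MESSAGE_AUTHENTICATOR and len(value) == 16:
            ma_at = pos + 2
        pos += pkt[pos + 1]
    if ma_at is None:
        raise ValueError("Message-Authenticator missing")
    zeroed = pkt[:ma_at] + bytes(16) + pkt[ma_at + 16:]
    expected = hmac.new(secret, zeroed, hashlib.md5).digest()
    if not hmac.compare_digest(expected, pkt[ma_at:ma_at + 16]):
        raise ValueError("Message-Authenticator mismatch")
    return eap
```

A request that carries EAP-Message without a valid Message-Authenticator is rejected before the EAP payload is handed to the authentication logic, which is why the manual lists both attributes as server requirements.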
