Eap Relay - HP 5120 EI Switch Series Configuration Manual
Hide thumbs
Also See for 5120 EI Switch Series:
- Lan switching configuration manual (235 pages) ,
- Installation manual (92 pages) ,
- Specification (51 pages)
Table of Contents
Advertisement
Packet exchange method
EAP termination
EAP relay
Figure 31
shows the basic 802.1X authentication procedure in EAP relay mode, assuming that EAP-MD5
is used.
Figure 31 802.1X authentication procedure in EAP relay mode
Client
(2) EAP-Request/Identity
(3) EAP-Response/Identity
(6) EAP-Request/MD5 challenge
(7) EAP-Response/MD5 challenge
(11) EAP-Request/Identity
(12) EAP-Response/Identity
(13) EAPOL-Logoff
When a user launches the 802.1X client software and enters a registered username and password,
1.
the 802.1X client software sends an EAPOL-Start packet to the network access device.
The network access device responds with an Identity EAP-Request packet to ask for the client
2.
username.
Benefits
Works with any RADIUS server that
supports PAP or CHAP authentication.
Device
EAPOL
(1) EAPOL-Start
(10) EAP-Success
Port authorized
...
Port unauthorized
(14) EAP-Failure
Authentication server
EAPOR
(4) RADIUS Access-Request
(EAP-Response/Identity)
(5) RADIUS Access-Challenge
(EAP-Request/MD5 challenge)
(8) RADIUS Access-Request
(EAP-Response/MD5 challenge)
(9) RADIUS Access-Accept
(EAP-Success)
68
Limitations
Supports only MD5-Challenge
EAP authentication and the
"username + password" EAP
authentication initiated by an
iNode 802.1X client.
The processing is complex on
the network access device.
Advertisement
Table of Contents
Troubleshooting
