802.1X Authentication Procedures - HP MSR Series Configuration Manual

HPE FlexNetwork MSR Router Series

Multicast trigger mode—The access device multicasts Identity EAP-Request packets to
initiate 802.1X authentication at the identity request interval.
Unicast trigger mode—Upon receiving a frame from an unknown MAC address, the access
device sends an Identity EAP-Request packet out of the receiving port to the MAC address. The
device retransmits the packet if no response has been received within the identity request
timeout interval. This process continues until the maximum number of request attempts set by
using the dot1x retry command is reached.
The username request timeout timer sets both the identity request interval for the multicast trigger
and the identity request timeout interval for the unicast trigger.

802.1X authentication procedures

802.1X authentication has two methods: EAP relay and EAP termination. You choose either mode
depending on whether the RADIUS server supports EAP packets and EAP authentication methods.
EAP relay mode.
EAP relay is defined in IEEE 802.1X. In this mode, the network device uses EAPOR packets to
send authentication information to the RADIUS server, as shown in Figure 34.
Figure 34 EAP relay
In EAP relay mode, the client must use the same authentication method as the RADIUS server.
On the access device, you only need to use the dot1x authentication-method eap command
to enable EAP relay.
EAP termination mode.
As shown in Figure 35, the access device performs the following operations in EAP termination
mode:
a. Terminates the EAP packets received from the client.
b. Encapsulates the client authentication information in standard RADIUS packets.
c. Uses PAP or CHAP to authenticate to the RADIUS server.
Figure 35 EAP termination
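On the RADIUS side, the two modes can be told apart by the attributes the access device sends. The following added example (not from the HP manual) classifies an Access-Request as EAP relay (EAP-Message attribute, RFC 3579) or as EAP termination with PAP or CHAP (User-Password or CHAP-Password, RFC 2865). The function names and sample packets are constructed for illustration, and the check looks at attribute presence only, not at the Message-Authenticator value.

```python
import struct

# RADIUS attribute types (RFC 2865 / RFC 3579)
USER_NAME, USER_PASSWORD, CHAP_PASSWORD = 1, 2, 3
CHAP_CHALLENGE, EAP_MESSAGE, MESSAGE_AUTHENTICATOR = 60, 79, 80
ACCESS_REQUEST = 1

def parse_attributes(packet: bytes) -> dict:
    """Return {attr_type: [values]} from an Access-Request, validating lengths."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCESS_REQUEST:
        raise ValueError("not an Access-Request")
    if length < 20 or length > len(packet):
        raise ValueError("bad length field")
    attrs, pos = {}, 20  # attributes start after code, id, length, authenticator
    while pos < length:
        # Each attribute is type(1) + length(1) + value; length covers all three.
        alen = packet[pos + 1] if pos + 2 <= length else 0
        if alen < 2 or pos + alen > length:
            raise ValueError("bad attribute length")
        attrs.setdefault(packet[pos], []).append(packet[pos + 2:pos + alen])
        pos += alen
    return attrs

def classify_mode(packet: bytes) -> str:
    """Name the 802.1X mode the access device used for this request."""
    attrs = parse_attributes(packet)
    if EAP_MESSAGE in attrs:
        # RFC 3579 requires Message-Authenticator alongside EAP-Message.
        return "eap-relay" if MESSAGE_AUTHENTICATOR in attrs else "eap-relay (no Message-Authenticator)"
    if CHAP_PASSWORD in attrs:
        return "eap-termination/chap"
    if USER_PASSWORD in attrs:
        return "eap-termination/pap"
    return "unknown"

def build_request(attrs: list) -> bytes:
    """Build a constructed sample request (zeroed authenticator) from (type, value) pairs."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    return struct.pack("!BBH", ACCESS_REQUEST, 1, 20 + len(body)) + bytes(16) + body

if __name__ == "__main__":
    # Constructed samples: a relayed EAP-Response/Identity and a PAP request.
    eap = bytes([2, 1, 0, 10, 1]) + b"alice"
    relay = [(USER_NAME, b"alice"), (EAP_MESSAGE, eap), (MESSAGE_AUTHENTICATOR, bytes(16))]
    pap = [(USER_NAME, b"alice"), (USER_PASSWORD, bytes(16))]
    for sample in (relay, pap):
        print(classify_mode(build_request(sample)))
```

Run over captured Access-Requests, this shows which ports or devices still authenticate in termination mode with PAP, where the user password travels in a RADIUS attribute protected only by the shared secret.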
