Eap Over Lan - H3C S9500E Series Security Configuration Manual

•
auto: Places the port in the unauthorized state initially to allow only EAPOL packets to pass,
and turns the port into the authorized state to allow access to the network after the users pass
authentication. This is the most common choice.
Control direction
In the unauthorized state, the controlled port can be set to deny traffic to and from the client or just
the traffic from the client.
Currently, your switch can only be set to deny traffic from the client.

EAP over LAN

EAPOL packet format
EAPOL, defined in 802.1X, is intended to carry EAP protocol packets between clients and switches
over LANs. Figure 17shows the EAPOL packet format. See Figure 17.
Figure 17 EAPOL packet format
•
PAE Ethernet type: Protocol type. It takes the value 0x888E.
•
Protocol version: Version of the EAPOL protocol supported by the EAPOL packet sender.
•
Type: Type of the EAPOL packet. Table 4 lists the types that the switch currently supports.
Table 4 Types of EAPOL packets
Value
0x00
0x01
0x02
Type
EAP-Packet
EAPOL-Start
EAPOL-Logoff
67
Description
Packet for carrying authentication information. A packet
of this type is repackaged and transferred by RADIUS
on the switch to get through complex networks to reach
the authentication server.
Packet for initiating authentication, present between a
client and a switch.
Packet for logoff request, present between a client and
a switch.