Table of Contents
Advertisement
Figure 22 Authorization state of a controlled port
802.1X-related protocols
802.1X uses the Extensible Authentication Protocol (EAP) to transport authentication information for
the client, the access device, and the authentication server. EAP is an authentication framework that
uses the client/server model. The framework supports a variety of authentication methods, including
MD5-Challenge, EAP-Transport Layer Security (EAP-TLS), and Protected EAP (PEAP).
802.1X defines EAP over LAN (EAPOL) for passing EAP packets between the client and the access
device over a wired or wireless LAN. Between the access device and the authentication server,
802.1X delivers authentication information by using one of the following methods:
•
Encapsulates EAP packets in RADIUS by using EAP over RADIUS (EAPOR), as described in
"EAP
relay."
•
Extracts authentication information from the EAP packets and encapsulates the information in
standard RADIUS packets, as described in
Packet formats
EAP packet format
Figure 23
shows the EAP packet format.
Figure 23 EAP packet format
•
Code—Type of the EAP packet. Options include Request (1), Response (2), Success (3), or
Failure (4).
•
Identifier—Used for matching Responses with Requests.
•
Length—Length (in bytes) of the EAP packet. The EAP packet length is the sum of the Code,
Identifier, Length, and Data fields.
"EAP
termination."
65
Advertisement
Table of Contents
Troubleshooting
