Table of Contents
Advertisement
802.1X authentication procedures
802.1X authentication has two methods: EAP relay and EAP termination. You choose either mode
depending on support of the RADIUS server for EAP packets and EAP authentication methods.
•
EAP relay mode.
EAP relay is defined in IEEE 802.1X. In this mode, the network device uses EAPOR packets to
send authentication information to the RADIUS server, as shown in
Figure 27 EAP relay
In EAP relay mode, the client must use the same authentication method as the RADIUS server.
On the access device, you only need to use the dot1x authentication-method eap command
to enable EAP relay.
•
EAP termination mode.
As shown in
mode:
a. Terminates the EAP packets received from the client.
b. Encapsulates the client authentication information in standard RADIUS packets.
c. Uses PAP or CHAP to authenticate to the RADIUS server.
Figure 28 EAP termination
Comparing EAP relay and EAP termination
Packet exchange
method
EAP relay
EAP termination
Figure
28, the access device performs the following operations in EAP termination
Benefits
•
Supports various EAP
authentication methods.
•
The configuration and
processing are simple on the
access device.
Works with any RADIUS server
that supports PAP or CHAP
authentication.
Limitations
The RADIUS server must support the
EAP-Message and
Message-Authenticator attributes, and
the EAP authentication method used by
the client.
•
68
Figure
27.
Supports only the following EAP
authentication methods:
MD5-Challenge EAP
authentication.
The username and password
EAP authentication initiated by
an HPE iNode 802.1X client.
Advertisement
Table of Contents
Troubleshooting
