HP A5830 Series Configuration Manual page 77

The authentication server compares the received encrypted password with the one it generated at
9.
Step 5. If the two are identical, the authentication server considers the client valid and sends a
RADIUS Access-Accept packet to the network access device.
Upon receiving the RADIUS Access-Accept packet, the network access device sends an EAP-
10.
Success packet to the client, and it sets the controlled port in the authorized state so the client can
access the network.
After the client comes online, the network access device periodically sends handshake requests to
11.
check whether the client is still online. By default, if two consecutive handshake attempts fail, the
device logs off the client.
Upon receiving a handshake request, the client returns a response. If the client fails to return a
12.
response after a certain number of consecutive handshake attempts (two by default), the network
access device logs off the client. This handshake mechanism enables timely release of the network
resources used by 802.1X users who have abnormally gone offline.
The client can also send an EAPOL-Logoff packet to ask the network access device for a logoff.
13.
In response to the EAPOL-Logoff packet, the network access device changes the status of the
14.
controlled port from authorized to unauthorized and sends an EAP-Failure packet to the client.
In EAP relay mode, the client must use the same authentication method as the RADIUS server. On the
network access device, you only need to execute the dot1x authentication-method eap command to
enable EAP relay.
69