Eapol Message Exchange - HP GbE2c - Blc Layer 2/3 Fiber SFP Option Application Manual

Ethernet blade switch for c-class bladesystem

Hide thumbs Also See for GbE2c - Blc Layer 2/3 Fiber SFP Option:

Interface manual (209 pages)

Command reference manual (175 pages)

Cli reference manual (153 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

Table of Contents

The following figure shows a typical message exchange initiated by the client.

Figure 2

Using EAPoL to authenticate a port

EAPoL Message Exchange

During authentication, EAPOL messages are exchanged between the client and the switch authenticator, while

RADIUS-EAP messages are exchanged between the switch authenticator and the Radius authentication server.

Authentication is initiated by one of the following methods:

Switch authenticator sends an EAP-Request/Identity packet to the client.

Client sends an EAPOL-Start frame to the switch authenticator, which responds with an EAP-Request/Identity frame.

The client confirms its identity by sending an EAP-Response/Identity frame to the switch authenticator, which forwards

the frame encapsulated in a RADIUS packet to the server.

The Radius server chooses an EAP-supported authentication algorithm to verify the client's identity, and sends an EAP-

Request packet to the client via the switch authenticator. The client then replies to the Radius server with an EAP-

Response containing its credentials.

Upon a successful authentication of the client by the server, the 802.1x-controlled port transitions from unauthorized

to authorized state, and the client is allowed full access to services through the controlled port. When the client later

sends an EAPOL-Logoff message to the switch authenticator, the port transitions from authorized to unauthorized state.

If a client that does not support 802.1x connects to an 802.1x-controlled port, the switch authenticator requests the

client's identity when it detects a change in the operational state of the port. The client does not respond to the

request, and the port remains in the unauthorized state.

NOTE:

When an 802.1x-enabled client connects to a port that is not 802.1x-controlled, the client initiates the

authentication process by sending an EAPOL-Start frame. When no response is received, the client retransmits

the request for a fixed number of times. If no response is received, the client assumes the port is in authorized

state, and begins sending frames, even if the port is unauthorized.

Port-based Network Access and traffic control 40

Table of Contents

Troubleshooting

Need help?

Do you have a question about the GbE2c - Blc Layer 2/3 Fiber SFP Option and is the answer not in the manual?

This manual is also suitable for:

Gbe2c Xw460c - proliant - blade workstation

Eapol Message Exchange - HP GbE2c - Blc Layer 2/3 Fiber SFP Option Application Manual

EAPoL Message Exchange

Troubleshooting

Need help?

Related Manuals for HP GbE2c - Blc Layer 2/3 Fiber SFP Option

Related Content for HP GbE2c - Blc Layer 2/3 Fiber SFP Option

This manual is also suitable for:

Table of Contents