802.1X Authentication Process; Eapol Message Exchange - HP 438031-B21 - 1:10Gb Ethernet BL-c Switch Application Manual

802.1x authentication process

The clients and authenticators communicate using Extensible Authentication Protocol (EAP), which was
originally designed to run over PPP, and for which the IEEE 802.1x Standard has defined an
encapsulation method over Ethernet frames, called EAP over LAN (EAPOL).
The following figure shows a typical message exchange initiated by the client.
Using EAPoL to authenticate a port
Figure 2

EAPoL Message Exchange

During authentication, EAPOL messages are exchanged between the client and the switch authenticator,
while RADIUS-EAP messages are exchanged between the switch authenticator and the Radius
authentication server.
Authentication is initiated by one of the following methods:
Switch authenticator sends an EAP-Request/Identity packet to the client.
Client sends an EAPOL-Start frame to the switch authenticator, which responds with an EAP-
Request/Identity frame.
The client confirms its identity by sending an EAP-Response/Identity frame to the switch authenticator,
which forwards the frame encapsulated in a RADIUS packet to the server.
Port-based Network Access and traffic control
47