Figure 7-2. 802.1X Authentication Process
Supplicant
EAP over RADIUS
802.1X uses RADIUS to shuttle EAP packets between the authenticator and the authentication server, as
defined in RFC 3579. EAP messages are encapsulated in RADIUS packets as a type of attribute in Type,
Length, Value (TLV) format. The Type value for EAP messages is 79.
Figure 7-3. RADIUS Frame Format
Code
Range: 1-4
Codes: 1: Access-Request
2: Access-Accept
3: Access-Reject
11: Access-Challenge
110
|
802.1X
Authenticator
EAP over LAN (EAPOL)
Request Identity
Response Identity
EAP Request
EAP Reponse
EAP {Sucess | Failure}
Identifier
Length
Authentication
Server
EAP over RADIUS
Access Request
Access Challenge
Access Request
Access {Accept | Reject}
Message-Authenticator
Attribute
Type
Length
(79)
EAP-Message Attribute
EAP-Method Data
(Supplicant Requested Credentials)