Timers Used In 802.1X - 3Com 4500 Configuration Manual

Figure 1-9 802.1x authentication procedure (in EAP terminating mode)
Supplicant
system
PAE
EAP- Request /Identity
EAP- Response/Identity
EAP- Request/ MD5 Challenge
EAP- Response/MD5 Challenge
Handshake request
[EAP- Request/Identity]
Handshake response
[EAP- Response/Identity]
The authentication procedure in EAP terminating mode is the same as that in the EAP relay mode
except that the randomly-generated key in the EAP terminating mode is generated by the switch, and
that it is the switch that sends the user name, the randomly-generated key, and the supplicant
system-encrypted password to the RADIUS server for further authentication.

Timers Used in 802.1x

In 802.1 x authentication, the following timers are used to ensure that the supplicant system, the switch,
and the RADIUS server interact in an orderly way.
Handshake timer (handshake-period). This timer sets the handshake period and is triggered after
a supplicant system passes the authentication. It sets the interval for a switch to send handshake
request packets to online users. You can set the maximum number of transmission attempts by
using the dot1x retry command. An online user will be considered offline when the switch has not
received any response packets after the maximum number of handshake request transmission
attempts is reached.
Quiet-period timer (quiet-period). This timer sets the quiet-period. When a supplicant system fails
to pass the authentication, the switch quiets for the set period (set by the quiet-period timer) before
it processes another authentication request re-initiated by the supplicant system. During this quiet
period, the switch does not perform any 802.1x authentication-related actions for the supplicant
system.
EAPOL
Authenticator
system PAE
EAPOL- Start
( CHAP- Response/MD5 Challenge)
EAP- Success
Port
authorized
......
EAPOL- Logoff
Port
unauthorized
RADIUS
RADIUS server
RADIUS Access-Request
RADIUS Access - Accept
( CHAP-Success)
Handshake timer
1-9