802.1X Authentication Procedures - HP 1910 User Manual
Hp 1910 gigabit ethernet switch series
Hide thumbs
Also See for 1910:
- User manual (548 pages) ,
- Getting started manual (52 pages) ,
- Quickspecs (43 pages)
Table of Contents
Advertisement
Access device as the initiator
The access device initiates authentication, if a client cannot send EAPOL-Start packets. One example is
the 802.1X client available with Windows XP.
The access device supports the following modes:
Multicast trigger mode—The access device multicasts Identity EAP-Request packets periodically
•
(every 30 seconds by default) to initiate 802.1X authentication.
•
Unicast trigger mode—Upon receiving a frame with the source MAC address not in the MAC
address table, the access device sends an Identity EAP-Request packet out of the receiving port to
the unknown MAC address. It retransmits the packet if no response has been received within a
certain time interval.
802.1X authentication procedures
802.1X provides the following methods for authentication:
EAP relay.
•
EAP termination.
•
You choose either mode depending on the support of the RADIUS server for EAP packets and EAP
authentication methods.
•
EAP relay mode:
EAP relay is defined in IEEE 802.1X. In this mode, the network device uses EAPOR packets to send
authentication information to the RADIUS server, as shown in
In EAP relay mode, the client must use the same authentication method as the RADIUS server. On
the network access device, you only need to enable EAP relay.
Figure 323 EAP relay
•
EAP termination mode:
In EAP termination mode, the network access device terminates the EAP packets received from the
client, encapsulates the client authentication information in standard RADIUS packets, and uses
PAP or CHAP to authenticate to the RADIUS server, as shown in
Figure 324 EAP termination
351
Figure
323.
Figure
324.
Hide quick links:
Advertisement
Table of Contents
