HP 6125G Configuration Manual page 82

The authentication server compares the received encrypted password with the one it generated at
9.
step 5. If the two are identical, the authentication server considers the client valid and sends a
RADIUS Access-Accept packet to the network access device.
Upon receiving the RADIUS Access-Accept packet, the network access device sends an
10.
EAP-Success packet to the client, and sets the controlled port in the authorized state so the client
can access the network.
After the client comes online, the network access device periodically sends handshake requests to
11.
check whether the client is still online. By default, if two consecutive handshake attempts fail, the
device logs off the client.
Upon receiving a handshake request, the client returns a response. If the client fails to return a
12.
response after a certain number of consecutive handshake attempts (two by default), the network
access device logs off the client. This handshake mechanism enables timely release of the network
resources used by 802.1X users that have abnormally gone offline.
The client can also send an EAPOL-Logoff packet to ask the network access device for a logoff.
13.
Then
In response to the EAPOL-Logoff packet, the network access device changes the status of the
14.
controlled port from authorized to unauthorized and sends an EAP-Failure packet to the client.
72