Eap Over Radius; 802.1X Authentication Triggering - HP 4800G Series Configuration Manual

Figure 1-5 Format of the Data field in an EAP request/response packet
Identifier: Allows matching of responses with requests.
Length: Length of the EAP packet, including the Code, Identifier, Length, and Data fields, in bytes.
Data: Content of the EAP packet. This field is zero or more bytes and its format is determined by
the Code field.

EAP over RADIUS

Two attributes of RADIUS are intended for supporting EAP authentication: EAP-Message and
Message-Authenticator. For information about RADIUS packet format, refer to AAA Configuration in the
Security Volume.
EAP-Message
The EAP-Message attribute is used to encapsulate EAP packets.
format. The value of the Type field is 79. The String field can be up to 253 bytes. If the EAP packet is
longer than 253 bytes, it can be fragmented and encapsulated into multiple EAP-Message attributes.
Figure 1-6 Encapsulation format of the EAP-Message attribute
0
Type
Message-Authenticator
Figure 1-7 shows the encapsulation format of the Message-Authenticator attribute. The
Message-Authenticator attribute is used to prevent access requests from being snooped during EAP
authentication. It must be included in any packet with the EAP-Message attribute; otherwise, the packet
will be considered invalid and get discarded.
Figure 1-7 Encapsulation format of the Message-Authenticator attribute

802.1X Authentication Triggering

802.1X authentication can be initiated by either a client or the device.
7 15
Length
Figure 1-6
N
String
EAP packets
1-5
shows its encapsulation