The Encapsulation Of Eap Attributes; Web Authentication Proxy Based On 802.1X - Planet XGS3-42000R User Manual

Figure 47-1-5
Identifier: to assist matching the Request and Response messages.
Length: the length of the EAP packet, covering the domains of Code, Identifier, Lengt h and Data, in byte.
Data: the content of the EAP packet, depending on the Code type.

47.1.4 The Encapsulation of EAP Attributes

RADIUS adds two attribute to support EAP authentication: EAP-Message and Message-Aut henticator. Please
refer to the Introduction of RA DIUS protocol in "AAA -RA DIUS-HW TACA CS operation" to check the format of
RADIUS messages.
1. EAP -Me ssage
As illustrated in the next figure, this attribute is used to encapsulate EAP packet, the type code is 79, String
domain should be no longer than 253 bytes. If the data length in an EAP packet is larger t han 253 bytes, the
packet can be divided int o fragments, which then will be encapsulated in several EAP-Messages attributes in
their original order.
2. Message-Authenticator
As illustrated in the next figure, this attribute is used in the process of using authentication methods like EAP
and CHAP to prevent the access request packets from being eavesdropped. Message-A uthenticator should
be included in the packets containing the EAP-Message attribute, or the packet will be dropped as an invalid
one.

47.1.5 Web Authentication Proxy based on 802.1x

The perspective of prior 802.1x aut hentication system abided by IEEE 802.1 x authentication systems on
architecture, working mec hanism, business processes. The client authentication pattern of prior
the Format of Data Domain in Request and Response Packets
the Encapsulation of EAP-Message Attribute
Figure 47-1-6
Message-Authenticator Attribute
Figure 47-1-7
47-5