The Authentication Methods Of 802.1X - Planet XGS3-42000R User Manual

4-slot Layer 3 IPv6/IPv4 routing chassis switch

authentication system privately. The devices are layer 2 switches and the authentication server is a RADIUS server. EAP is used as the authentication message format. EAPOL encapsulation is used between the client and the authentication proxy switch; that is, the EAP message is encapsulated in an Ethernet frame for authentication and communication. EAPOR encapsulation is used between the authentication proxy switch and the authentication server; that is, the EAP message is carried over the RADIUS protocol for authentication and communication. It can also be forwarded by the device, which transmits the PAP protocol message or CHAP protocol message over the RADIUS protocol between the device and the RADIUS server.

In an 802.1x authentication system, in order to implement identity authentication and network permission, the user should install the authentication client software and pass the client login authentication process to achieve authenticated communication with the DCBI server. But some customers do not want to install client software and would rather authenticate simply through Internet Explorer. To satisfy this demand and make the authentication client platform-independent, the Web authentication function based on 802.1x was designed.

Web authentication is still based on the IEEE 802.1x authentication system: a Java Applet in Internet Explorer replaces the earlier client software, the devices are layer 3 switches, the authentication server is a standard RADIUS server, and the authentication message is carried in EAP messages. Because the Java Applet used in the client cannot send Ethernet frames, the EAP message cannot be encapsulated in an Ethernet frame; it should instead be carried over UDP (EAPOU) to achieve authentication and communication between the web client and the web authentication proxy switch. The standardized EAPOR protocol is still used between the authentication proxy switch and the authentication server.

47.1.6 The Authentication Methods of 802.1x

Authentication can be started either by the supplicant system or by the device. When the device detects an unauthenticated user accessing the network, it sends EAP-Request/Identity messages to the supplicant system to start authentication. Alternatively, the supplicant system can send an EAPOL-Start message to the device via the supplicant software.

802.1x systems support the EAP relay method and the EAP termination method to implement authentication with the remote RADIUS server. The following describes the process of these two authentication methods, both started by the supplicant system.

47.1.6.1 EAP Relay Mode

EAP relay is specified in the IEEE 802.1x standard to carry EAP in other high-level protocols, such as EAP over RADIUS, making sure that extended authentication protocol messages can reach the authentication server through complicated networks. In general, EAP relay requires the RADIUS server to support the EAP attributes EAP-Message and Message-Authenticator.