Table of Contents
Advertisement
system and the PAE of the authenticator system in the environment of LAN.
Between the PAE of the authenticator system and the RADIUS server, there are two
methods to exchange information: one method is that EAP messages adopt EAPOR
(EAP over RADIUS) encapsulation format in RADIUS protocol; the other is that EAP
messages terminate with the PAE of the authenticator system, and adopt the messages
containing RAP (Password Authentication Protocol) or CHAP (Challenge Handshake
Authentication Protocol) attributes to do the authentication interaction with the RADIUS
server.
When the user pass the authentication, the authentication server system will send the
relative information of the user to authenticator system, the PAE of the authenticator
system will decide the authenticated/unauthenticated status of the controlled port
according to the authentication result of the RADIUS server.
42.1.3 The Encapsulation of EAPOL Messages
1. The Format of EAPOL Data Packets
EAPOL is a kind of message encapsulation format defined in 802.1x protocol, and is mainly
used to transmit EAP messages between the supplicant system and the authenticator system
in order to allow the transmission of EAP messages through the LAN. In IEEE 802/Ethernet
LAN environment, the format of EAPOL packet is illustrated in the next figure. The beginning of
the EAPOL packet is the Type/Length domain in MAC frames.
PAE Ethernet Type: Represents the type of the protocol whose value is 0x888E.
Protocol Version: Represents the version of the protocol supported by the sender of EAPOL
data packets.
Type: represents the type of the EAPOL data packets, including:
EAP-Packet (whose value is 0x00): the authentication information frame, used to carry
EAP messages. This kind of frame can pass through the authenticator system to transmit
EAP messages between the supplicant system and the authentication server system.
Figure 42-3: the Format of EAPOL Data Packet
42-138
Advertisement
Table of Contents
Troubleshooting
