Table of Contents
Advertisement
42.1.5 The Authentication Methods of 802.1x
The authentication can either be started by supplicant system initiatively or by devices. When
the device detects unauthenticated users to access the network, it will send supplicant system
EAP-Request/Identity messages to start authentication. On the other hand, the supplicant
system can send EAPOL-Start message to the device via supplicant software.
802.1 x systems supports EAP relay method and EAP termination method to implement
authentication with the remote RADIUS server. The following is the description of the process
of these two authentication methods, both started by the supplicant system.
42.1.5.1 EAP Relay Mode
EAP relay is specified in IEEE 802.1x standard to carry EAP in other high-level protocols, such
as EAP over RADIUS, making sure that extended authentication protocol messages can reach
the authentication server through complicated networks. In general, EAP relay requires the
RADIUS server to support EAP attributes: EAP-Message and Message-Authenticator.
EAP is a widely-used authentication frame to transmit the actual authentication protocol rather
than a special authentication mechanism. EAP provides some common function and allows
the authentication mechanisms expected in the negotiation, which are called EAP Method.
The advantage of EAP lies in that EAP mechanism working as a base needs no adjustment
when a new authentication protocol appears. The following figure illustrates the protocol stack
of EAP authentication method.
Figure 42-8: the Protocol Stack of EAP Authentication Method
By now, there are more than 50 EAP authentication methods has been developed, the
differences among which are those in the authentication mechanism and the management of
keys. The 4 most common EAP authentication methods are listed as follows:
EAP-MD5
42-141
Advertisement
Table of Contents
Troubleshooting
