The Authentication Methods Of 802.1X - Edge-Core ES4626 User Manual

L3 gigabit ethernet switch

23.1.5 The Authentication Methods of 802.1x

Authentication can be initiated either by the supplicant system or by the
device. When the device detects an unauthenticated user attempting to access the
network, it sends EAP-Request/Identity messages to the supplicant system to start
authentication. Alternatively, the supplicant system can send an EAPOL-Start message
to the device through the supplicant software.
The 802.1x system supports the EAP relay method and the EAP termination method for
authenticating against a remote RADIUS server. The following describes the process
of these two authentication methods, both started by the supplicant system.
23.1.5.1 EAP Relay Mode
EAP relay is specified in the IEEE 802.1x standard to carry EAP in other higher-level
protocols, such as EAP over RADIUS, so that Extensible Authentication Protocol
messages can reach the authentication server across complex networks. In general,
EAP relay requires the RADIUS server to support the EAP attributes EAP-Message and
Message-Authenticator.
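The encapsulation that EAP relay relies on, shown as an added example (not code from this manual or from the switch): the device wraps the supplicant's EAP packet in EAP-Message attributes and protects the Access-Request with Message-Authenticator, and the server verifies it before reassembling the EAP packet. Attribute numbers and the HMAC-MD5 calculation follow RFC 3579; the function names and all sample values are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import struct

USER_NAME, EAP_MESSAGE, MESSAGE_AUTHENTICATOR = 1, 79, 80  # RADIUS attribute types

def eap_identity_response(eap_id, identity):
    """EAP-Response/Identity: Code=2, Identifier, Length, Type=1, identity."""
    return struct.pack("!BBHB", 2, eap_id, 5 + len(identity), 1) + identity

def attr(attr_type, value):
    """RADIUS attribute: Type, Length (counts the 2 header octets), Value."""
    return struct.pack("!BB", attr_type, len(value) + 2) + value

def relay_access_request(secret, radius_id, eap_packet, user_name, authenticator=None):
    """Device side: wrap the supplicant's EAP packet in a RADIUS Access-Request."""
    authenticator = authenticator or os.urandom(16)
    # A value holds at most 253 octets, so a long EAP packet is split across
    # consecutive EAP-Message attributes.
    attrs = attr(USER_NAME, user_name) + b"".join(
        attr(EAP_MESSAGE, eap_packet[i:i + 253]) for i in range(0, len(eap_packet), 253))
    mac_at = 20 + len(attrs) + 2  # offset of the 16-octet Message-Authenticator value
    attrs += attr(MESSAGE_AUTHENTICATOR, bytes(16))
    header = struct.pack("!BBH", 1, radius_id, 20 + len(attrs))  # Code 1 = Access-Request
    pkt = bytearray(header + authenticator + attrs)
    # HMAC-MD5 over the whole packet with the field zeroed, keyed by the shared secret.
    pkt[mac_at:mac_at + 16] = hmac.new(secret, bytes(pkt), hashlib.md5).digest()
    return bytes(pkt)

def verify_and_extract_eap(secret, packet):
    """Server side: return the reassembled EAP packet, or None when the
    Message-Authenticator is absent or does not verify."""
    length = int.from_bytes(packet[2:4], "big") if len(packet) >= 20 else 0
    if not 20 <= length <= len(packet):
        return None
    zeroed, eap, received, pos = bytearray(packet[:length]), b"", None, 20
    while pos + 2 <= length:
        a_type, a_len = packet[pos], packet[pos + 1]
        if a_len < 2 or pos + a_len > length:
            return None
        if a_type == EAP_MESSAGE:
            eap += packet[pos + 2:pos + a_len]
        elif a_type == MESSAGE_AUTHENTICATOR and a_len == 18:
            received = packet[pos + 2:pos + 18]
            zeroed[pos + 2:pos + 18] = bytes(16)
        pos += a_len
    expected = hmac.new(secret, bytes(zeroed), hashlib.md5).digest()
    return eap if received and hmac.compare_digest(received, expected) else None
```

A request whose Message-Authenticator is missing or fails verification yields None here, which mirrors why the RADIUS server must support both attributes for relay mode to work.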
EAP is a widely used authentication framework that transports the actual
authentication protocol rather than being a specific authentication mechanism
itself. EAP provides some common functions and allows negotiation of the desired
authentication mechanisms, which are called EAP methods. The advantage of EAP is
that, serving as the base, the EAP mechanism needs no adjustment when a new
authentication protocol appears. The following figure illustrates the protocol
stack of the EAP authentication method.
Fig 23-8 The Protocol Stack of EAP Authentication Method
By now, more than 50 EAP authentication methods have been developed,
the differences among which are those in the authentication mechanism and the
This manual is also suitable for: Es4650, Es4626 l3, Es4650 l3