Eapol Encapsulation - H3C S7500 Series Operation Manual

Operation Manual – 802.1x
H3C S7500 Series Ethernet Switches
terminated at the authenticator system PAE. The authenticator system PAE then
communicates with the RADIUS server through PAP (password authentication
protocol) or CHAP (challenge-handshake authentication protocol) packets.
When a supplicant system passes authentication, the authentication server
passes the information about the supplicant system to the authenticator system.
Then the authenticator system determines the state (authorized or unauthorized)
of the controlled port according to the instruction (accept or reject) received from
the RADIUS server.

1.1.3 EAPoL Encapsulation

I. EAPoL packet format
EAPoL is a packet encapsulation format defined in 802.1x. It is designed to transmit
EAP protocol packets between supplicant systems and authenticator systems over
LANs. The following figure illustrates the format of an EAPoL packet.
Figure 1-3 The format of an EAPoL packet (byte offsets: PAE Ethernet type at 0, Protocol version at 2, Type at 3, Length at 4, Packet body from 6 to N)
In an EAPoL packet:
The PAE Ethernet type field holds the protocol type, with 0x888E being 802.1x.
The Protocol version field holds the version of the protocol supported by the sender of EAPoL packets.
The Type field can be one of the following:
  EAP-Packet (00): a packet used to carry authentication information;
  EAPoL-Start (01): a packet used to initiate authentication;
  EAPoL-Logoff (02): a packet used to send a logoff request;
  EAPoL-Key (03): a packet used to carry key information;
  EAPoL-Encapsulated-ASF-Alert (04): a packet used to support the alerting messages of the Alerting Standards Forum (ASF).
The Length field indicates the size of the Packet body field. A value of 0 indicates that the Packet body field does not exist.
The Packet body field varies with the Type field.
Note that EAPoL-Start, EAPoL-Logoff, and EAPoL-Key packets are only transmitted
between the supplicant system and the authenticator system. EAP-Packet packets are
encapsulated in the RADIUS protocol so that they can traverse complicated networks and
reach the authentication server. Network management-related information
(such as alarming information) is encapsulated in EAPoL-Encapsulated-ASF-Alert
packets, which are terminated by the authenticator system.
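
The field layout and Type values above, written as a validating header parser. This is an added example, not code from the H3C manual: the names (parse_eapol, Eapol, relayed) and the sample frames are constructed for illustration. It assumes the input starts at the PAE Ethernet type field and that multi-byte fields are in network byte order.

```python
import struct
from typing import NamedTuple

PAE_ETHERTYPE = 0x888E
EAPOL_TYPES = {
    0x00: "EAP-Packet",
    0x01: "EAPoL-Start",
    0x02: "EAPoL-Logoff",
    0x03: "EAPoL-Key",
    0x04: "EAPoL-Encapsulated-ASF-Alert",
}

class Eapol(NamedTuple):
    version: int
    type_name: str
    body: bytes
    relayed: bool  # per the note above: only EAP-Packet goes on to the server

def parse_eapol(data: bytes) -> Eapol:
    """Parse bytes starting at the PAE Ethernet type field (offset 0)."""
    if len(data) < 6:
        raise ValueError("truncated: EAPoL header needs 6 bytes")
    # Offsets 0, 2, 3, 4: Ethernet type, Protocol version, Type, Length
    ethertype, version, ptype, length = struct.unpack("!HBBH", data[:6])
    if ethertype != PAE_ETHERTYPE:
        raise ValueError(f"not 802.1x: Ethernet type 0x{ethertype:04X}")
    if ptype not in EAPOL_TYPES:
        raise ValueError(f"unknown EAPoL Type {ptype:#04x}")
    if length > len(data) - 6:
        raise ValueError("Length field exceeds the bytes actually present")
    # Slice by Length, not by frame size: short Ethernet frames carry padding
    body = data[6:6 + length]
    return Eapol(version, EAPOL_TYPES[ptype], body, ptype == 0x00)

# Constructed sample frames (not captures)
START = bytes.fromhex("888e01010000") + bytes(40)    # EAPoL-Start plus padding
EAP_ID = bytes.fromhex("888e01000005" "0101000501")  # carries a 5-byte EAP packet
LYING = bytes.fromhex("888e01000040" "0101")         # Length says 64, 2 bytes present

if __name__ == "__main__":
    for frame in (START, EAP_ID, LYING):
        try:
            print(parse_eapol(frame))
        except ValueError as err:
            print("rejected:", err)
```

Slicing the body by the Length field keeps Ethernet padding out of the parsed packet, and the bounds check rejects a frame whose Length claims more data than was received.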
Chapter 1 802.1x Configuration
