802.1X Authentication Procedures - HP 1920 Gigabit Ethernet Switch Series User Manual

802.1X authentication procedures

802.1X provides the following methods for authentication:
• EAP relay.
EAP termination.
•
You choose either mode depending on the support of the RADIUS server for EAP packets and EAP
authentication methods.
EAP relay mode:
•
EAP relay is defined in IEEE 802.1X. In this mode, the network device uses EAPOR packets to send
authentication information to the RADIUS server, as shown in
Figure 304 EAP relay
In EAP relay mode, the client must use the same authentication method as the RADIUS server. On
the network access device, you only need to enable EAP relay.
Some network access devices provide the EAP server function so you can use EAP relay even if the
RADIUS server does not support any EAP authentication method or no RADIUS server is available.
EAP termination mode:
•
In EAP termination mode, the network access device terminates the EAP packets received from the
client, encapsulates the client authentication information in standard RADIUS packets, and uses
PAP or CHAP to authenticate to the RADIUS server, as shown in
Figure 305 EAP termination
Comparing EAP relay and EAP termination
Packet exchange method
EAP relay
Benefits
•
Supports various EAP
authentication methods.
•
The configuration and
processing is simple on the
network access device.
325
Figure 304.
Figure 305.
Limitations
The RADIUS server must support the
EAP-Message and Message-Authenticator
attributes, and the EAP authentication method
used by the client.