R3303-HP HSR6800 Routers Security Configuration Guide
78
A comparison of EAP relay and EAP termination
Packet exchan
g
e method Benefits
Limitations
EAP relay
• Supports various EAP
authentication methods.
• The configuration and processing is
simple on the network access
device.
The RADIUS server must support the
EAP-Message and
Message-Authenticator attributes,
and the EAP authentication method
used by the client.
EAP termination
Works with any RADIUS server that
supports PAP or CHAP authentication.
• Supports only MD5-Challenge
EAP authentication and the
"username + password" EAP
authentication initiated by an HP
iNode 802.1X client.
• The processing is complex on the
network access device.
EAP relay
Figure 35 shows the basic 802.1X authentication procedure in EAP relay mode, assuming that EAP-MD5
is used.