Connectivity Guide
6 If the identity information the supplicant provides is valid, the authentication server sends an Access Accept frame that specify the
network privileges. The authenticator changes the port state to authorize and forwards an EAP Success frame. If the identity
information is invalid, the server sends an Access Reject frame. If the port state remains unauthorized, the authenticator forwards an
EAP Failure frame.
EAP over RADIUS
802.1X uses RADIUS to transfer EAP packets between the authenticator and the authentication server. EAP messages are encapsulated in
RADIUS packets as an attribute of type, length, value (TLV) format — the type value for EAP messages is 79.
Congure 802.1X
You can congure and enable 802.1X on a port in a single process. OS10 supports 802.1X with EAP-MD5, EAP-OTP, EAP-TLS, EAP-TTLS,
PEAPv0, PEAPv1, and MS-CHAPv2 with PEAP. All platforms support RADIUS as the authentication server.
If the primary RADIUS server becomes unresponsive, the authenticator begins using a secondary RADIUS server if congured.
NOTE
: 802.1X is not supported on port-channels or port-channel members.
Layer 2 255