Administrator Guide
194 | 802.1X EAP-PEAP Reference Dell Networking W-ClearPass Deployment Guide
Transport Layer Security (TLS) Tunnel Setup
12
Steps 10 and 11 repeat until the authentication server has transmitted all of its handshake messages.
This may take several steps due to having to dismantle the certificates into fragments that fit within the
size limits of an EAP message.
13
The supplicant sends another TLS Handshake message inside an EAP-Response message of types
"Client Key Exchange," "Change Cipher Spec," "Handshake," and "Client Finished" to the authenticator.
14 The authenticator sends this EAP-Response to the authentication server.
14
The authentication server responds to the authenticator with an EAP-Request for the supplicant that
contains the message types "Change Cipher Spec" and "Server Finished."
16 The authenticator passes the EAP message to the supplicant.
17 The supplicant sends an EAP-Response for the authentication server to the authenticator.
18 The authenticator sends the EAP-Response to the authentication server.
Inner EAP MSCHAPv2
19
Inside the TLS tunnel, the EAP process starts again with the authentication server sending an EAP
Identity Request to the supplicant requesting the client's identity.