User's Manual
326
Packet exchan
g
e method Benefits
Limitations
EAP termination
Works with any RADIUS
server that supports PAP or
CHAP authentication.
• Supports only MD5-Challenge EAP
authentication and the "username +
password" EAP authentication initiated by
an HP iNode 802.1X client.
• The processing is complex on the network
access device.
EAP relay
Figure 306 shows the basic 802.1X authentication procedure in EAP relay mode, assuming that
EAP-MD5 is used.
Figure 306 802.1X authentication procedure in EAP relay mode
1. When a user launches the 802.1X client software and enters a registered username and password,
the 802.1X client software sends an EAPOL-Start packet to the network access device.
2. The network access device responds with an Identity EAP-Request packet to ask for the client
username.
3. In response to the Identity EAP-Request packet, the client sends the username in an Identity
EAP-Response packet to the network access device.
4. The network access device relays the Identity EAP-Response packet in a RADIUS Access-Request
packet to the authentication server.