4000 Router Series Security Configuration Guide

A comparison of EAP relay and EAP termination

Packet exchan

e method Benefits

Limitations

EAP relay

• Supports various EAP

authentication methods.

• The configuration and

processing is simple on the

network access device.

The RADIUS server must support the

EAP-Message and

Message-Authenticator attributes, and

the EAP authentication method used by

the client.

EAP termination

Works with any RADIUS server that

supports PAP or CHAP

authentication.

• Supports only MD5-Challenge EAP

authentication and the "username +

password" EAP authentication

initiated by an HP iNode 802.1X

client.

• The processing is complex on the

network access device.

EAP relay

Figure 23 shows the basic 802.1X authentication procedure in EAP relay mode, assuming that EAP-MD5

is used.