3Com Switch 7750 Configuration Guide
Introduction to 802.1x 391
The Mechanism of an
802.1x Authentication
System
IEEE 802.1x authentication system uses extensible authentication protocol (EAP) to
exchange information between the supplicant system and the authentication
server.
Figure 89 The mechanism of an 802.1x authentication system
■ EAP protocol packets transmitted between the supplicant system and the
authenticator system are encapsulated as EAPoL packets.
■ EAP protocol packets transmitted between the supplicant system PAE and the
RADIUS server can either be encapsulated as EAPoR (EAP over RADIUS) packets
or be terminated at system PAEs (The system PAEs then communicate with
RADIUS servers through PAP (password authentication protocol) or CHAP
(challenge-handshake authentication protocol) protocol packets.)
■ When a supplicant system passes the authentication, the authentication server
passes the information about the supplicant system to the authenticator
system. The authenticator system in turn determines the state (authorized or
unauthorized) of the controlled port according to the instructions (accept or
reject) received from the RADIUS server.
Encapsulation of EAPoL
Messages
The format of an EAPoL packet
EAPoL is a packet encapsulation format defined in 802.1x. To enable EAP protocol
packets to be transmitted between supplicant systems and authenticator systems
through LANs, EAP protocol packets are encapsulated in EAPoL format. The
following figure illustrates the structure of an EAPoL packet.
Figure 90 The format of an EAPoL packet
In an EAPoL packet:
■ The PAE Ethernet type field holds the protocol identifier. The identifier for
802.1x is 0x888E.
■ The Protocol version field holds the version of the protocol supported by the
sender of the EAPoL packet.
■ The Type field can be one of the following:
00: Indicates that the packet is an EAP-packet, which carries authentication
information.
01: Indicates that the packet is an EAPoL-start packet, which initiates
authentication.
Supplicant system
PAE
Authenticator system
PAE
Authentication server
system
EAPOL RADIUS
015
PAE Ethernet type
Packet body
TypeProtocol version
Length
7
2
4
6
N