3Com Switch 7750 Configuration Guide

396 CHAPTER 39: 802.1X CONFIGURATION
Figure 96 802.1x authentication procedure (in EAP terminating mode)
The authentication procedure in EAP terminating mode is the same as that in the
EAP relay mode except that the randomly-generated key in the EAP terminating
mode is generated by the switch, and that it is the switch that sends the user
name, the randomly-generated key, and the supplicant system-encrypted
password to the RADIUS server for further authentication.
802.1x Timer

In 802.1x authentication, the following timers are used to ensure that the
supplicant system, the switch, and the RADIUS server interact in an orderly way:

Transmission timer (tx-period): This timer sets the tx-period and is triggered by
the switch in one of the following two cases. The first case is when the client
requests authentication: the switch sends a unicast request/identity packet
to the supplicant system and then starts the transmission timer. If the supplicant
system has not sent a reply packet to the switch when this timer times out, the
switch sends another request/identity packet to the supplicant system. The
second case is when the switch authenticates an 802.1x client that does not
actively request authentication: the switch continuously sends multicast
request/identity packets through the port enabled with the 802.1x function, at
intervals of tx-period.
[Figure 96: message sequence between the supplicant system PAE, the authenticator
system PAE, and the RADIUS server. EAPOL runs between the supplicant system and
the authenticator system; RADIUS runs between the authenticator system and the
RADIUS server. Messages shown: EAPOL-Start; EAP-Request/Identity;
EAP-Response/Identity; EAP-Request/MD5 Challenge; EAP-Response/MD5 Challenge;
RADIUS Access-Request (CHAP-Response/MD5 Challenge); RADIUS Access-Accept
(CHAP-Success); EAP-Success; port authorized; handshake timer; handshake request
[EAP-Request/Identity]; handshake response [EAP-Response/Identity]; ......;
EAPOL-Logoff; port unauthorized.]