H3C S7500 Series Ethernet Switches Operation Manual
Operation Manual – 802.1x
H3C S7500 Series Ethernet Switches Chapter 1
802.1x Configuration
1-5
II. EAP packet format
For an EAPoL packet with the Type value being EAP-packet, the corresponding Packet
body is an EAP packet. Its format is illustrated in
Figure 1-4.
Code Identifier Length Data
N
t
0
12
4
Figure 1-4 The format of an EAP packe
In an EAP packet:
z The Code field specifies the EAP packet type, which can be Request, Response,
Success, or Failure.
z The Identifier field helps match Response and Request messages.
z The Length field indicates the size of an EAP packet, which includes the Code,
Identifier, Length, and Data fields.
z The Data field varies with the Code field.
A Success or Failure type EAP packet does not contain the Data field. Accordingly the
Length field is 4.
Figure 1-5 shows the format of Data field of Request and Response type packets.
Type Type Data
s
Figure 1-5 The format of Data field of Request and Response type packet
z The Type field specifies the EAP authentication type. A value of 1 represents
Identity, indicating that the packet is for querying the identity of the supplicant. A
value of 4 represents MD5 Challenge (similar to PPP CHAP protocol), including
query information.
z The Type Date field varies with different types of Request and Response packets.
III. EAP attribute encapsulation
Two attributes, EAP-message and Message-authenticator, are added for EAP
authentication. (For information about RADIUS packet format, refer to the Introduction
to RADIUS protocol section in AAA-RADIUS-HWTACACS-EAD Operation Manual.)
As shown in
Figure 1-6, the EAP-message attribute is used to encapsulate EAP
packets. The type code is 79. The maximum size of the string field is 253 bytes. EAP
packets with their sizes larger than 253 bytes are fragmented and stored in multiple
EAP-message fields orderly.