Manualshelf

H3C S7500E Series Ethernet Switches Operation Manual

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve 8116fl Redundant Switch Fabric Module
801802803804805806807808809810
Operation Manual – 802.1x - MAC Authentication
H3C S7500E Series Ethernet Switches Chapter 1 802.1x Configuration
1-7
z EAP-MD5: EAP-MD5 authenticates the identity of a supplicant. The RADIUS
server sends an MD5 challenge (through an EAP-Request/MD5 Challenge packet)
to the supplicant. Then the supplicant encrypts the password with the offered
challenge.
z EAP-TLS: With EAP-TLS, a supplicant and the RADIUS server verify each other’s
security certificates and identities, guaranteeing that EAP packets are sent to the
intended destination and thus preventing network traffic from being snooped.
z EAP-TTLS: EAP-TTLS extends EAP-TLS. EAP-TLS allows for mutual
authentication between a supplicant and the authentication server. EAP-TTLS
extends this implementation by transferring packets through the secure tunnels
set up by TLS.
z PEAP: With PEAP, the RADIUS server sets up TLS tunnels with a supplicant
system for integrity protection and then performs a new round of EAP negotiation
with the supplicant system for identity authentication.
Figure 1-8 shows the message exchange procedure with EAP-MD5.
Figure 1-8 Message exchange in EAP relay mode