H3C S7500E Series Ethernet Switches Operation Manual

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve 8116fl Redundant Switch Fabric Module

801

802

803

804

805

806

807

808

809

810

Operation Manual – 802.1x - MAC Authentication

H3C S7500E Series Ethernet Switches Chapter 1 802.1x Configuration

1-9

 Note:

In EAP relay mode, a supplicant must use the same authentication method as that of

the RADIUS server, no matter whichever of the above mentioned authentication

methods is used. On the device, however, you only need to execute the dot1x

authentication-method eap command to enable EAP relay.

II. EAP termination

In EAP termination mode, EAP packets are terminated at the authenticator and then

repackaged into the PAP or CHAP attributes of RADIUS and transferred to the RADIUS

server for authentication, authorization, and accounting.

Figure 1-9 shows the

message exchange procedure with CHAP authentication.

EAPOL

RADIUS

EAPOL-Start

EAP- Resquest / Identity

EAP- Response / Identity

EAP- Request / MD 5 challenge

EAP- Response / MD5 challenge

RADIUS Access - Request

(CHAP- Response / MD 5 challenge)

RADIUS Access- Accept

(CHAP- Success)

Port authorized

Handshake timer

......

Port unauthorized

Supplicant system

PAE

Authenticator system

PAE

RADUIS

server

EAP- Success

Handshake request

[ EAP- Request / Identity ]

Handshake response

[ EAP- Response / Identity ]

EAPOL- Logoff

Figure 1-9 Message exchange in EAP termination mode