3Com Switch 8800 Advanced Software V5 Configuration Guide

922 CHAPTER 71: 802.1X CONFIGURATION
EAP relay
EAP relay is an IEEE 802.1x standard mode. In this mode, EAP packets are carried
in a higher-layer protocol, such as RADIUS, so that they can cross complex
networks and reach the authentication server. Generally, EAP relay requires that
the RADIUS server support the EAP-Message and Message-Authenticator attributes.
See Figure 272 for the message exchange procedure.
Figure 272 Message exchange in EAP relay mode
1 When a user launches the 802.1x client software and enters the registered
username and password, the 802.1x client software generates an EAPOL-Start
frame and sends it to the authenticator to initiate an authentication process.
2 Upon receiving the EAPOL-Start frame, the authenticator responds with an
EAP-Request/Identity packet asking for the username of the supplicant.
3 When the supplicant receives the EAP-Request/Identity packet, it encapsulates the
username in an EAP-Response/Identity packet and sends the packet to the
authenticator.
4 Upon receiving the EAP-Response/Identity packet, the authenticator relays the
packet in a RADIUS Access-Request packet to the authentication server.
[Figure 272 (diagram): supplicant system PAE, authenticator system PAE and RADIUS server, with EAPOL between the supplicant and the authenticator and EAPOR between the authenticator and the RADIUS server.
EAPOL messages: EAPOL-Start, EAP-Request/Identity, EAP-Response/Identity, EAP-Request/MD5 challenge, EAP-Response/MD5 challenge, EAP-Success, handshake request [EAP-Request/Identity], handshake response [EAP-Response/Identity], EAPOL-Logoff.
EAPOR messages: RADIUS Access-Request (EAP-Response/Identity), RADIUS Access-Challenge (EAP-Request/MD5 challenge), RADIUS Access-Request (EAP-Response/MD5 challenge), RADIUS Access-Accept (EAP-Success).
Port states and timers: port authorized, handshake timer, port unauthorized.]
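The relay in step 4, as an added example that is not taken from the 3Com guide or the switch software: it wraps an EAP-Response/Identity in a RADIUS Access-Request using the EAP-Message and Message-Authenticator attributes, then checks and unwraps it as the server would. The attribute numbers and the HMAC-MD5 calculation follow RFC 3579; the function names, username, shared secret and Request Authenticator are assumptions constructed for the example.

```python
import hashlib, hmac, struct

ACCESS_REQUEST = 1                           # RADIUS packet code (RFC 2865)
EAP_MESSAGE, MESSAGE_AUTHENTICATOR = 79, 80  # RADIUS attribute types (RFC 3579)

def eap_response_identity(eap_id, username):
    """EAP-Response/Identity: code 2, identifier, length, type 1, then the username."""
    return struct.pack("!BBHB", 2, eap_id, 5 + len(username), 1) + username

def attr(attr_type, value):
    return struct.pack("!BB", attr_type, 2 + len(value)) + value

def relay_in_access_request(eap, secret, radius_id, request_auth):
    """Authenticator side: wrap one EAP packet in a RADIUS Access-Request."""
    # An attribute value holds at most 253 bytes, so a long EAP packet is
    # split across consecutive EAP-Message attributes.
    attrs = b"".join(attr(EAP_MESSAGE, eap[i:i + 253]) for i in range(0, len(eap), 253))
    attrs += attr(MESSAGE_AUTHENTICATOR, bytes(16))  # zeroed while the MAC is computed
    packet = struct.pack("!BBH", ACCESS_REQUEST, radius_id, 20 + len(attrs)) + request_auth + attrs
    # Message-Authenticator = HMAC-MD5(shared secret, whole packet with the field zeroed)
    return packet[:-16] + hmac.new(secret, packet, hashlib.md5).digest()

def server_unwrap(packet, secret):
    """Server side: check Message-Authenticator, then reassemble the EAP packet."""
    if len(packet) < 20 or int.from_bytes(packet[2:4], "big") != len(packet):
        raise ValueError("bad RADIUS length")
    eap, received, zeroed, pos = b"", None, bytearray(packet), 20
    while pos < len(packet):
        if pos + 2 > len(packet) or not 2 <= packet[pos + 1] <= len(packet) - pos:
            raise ValueError("malformed attribute")
        a_type, a_len = packet[pos], packet[pos + 1]
        if a_type == EAP_MESSAGE:
            eap += packet[pos + 2:pos + a_len]
        elif a_type == MESSAGE_AUTHENTICATOR and a_len == 18:
            received = packet[pos + 2:pos + 18]
            zeroed[pos + 2:pos + 18] = bytes(16)
        pos += a_len
    expected = hmac.new(secret, bytes(zeroed), hashlib.md5).digest()
    if received is None or not hmac.compare_digest(received, expected):
        raise ValueError("Message-Authenticator missing or invalid")
    return eap

if __name__ == "__main__":
    # Constructed sample values: username, shared secret and Request Authenticator.
    secret, req_auth = b"constructed-shared-secret", bytes(range(16))
    eap = eap_response_identity(7, b"alice@example.test")
    pkt = relay_in_access_request(eap, secret, radius_id=42, request_auth=req_auth)
    print(pkt.hex())
    print(server_unwrap(pkt, secret) == eap)
```

A server that skips the Message-Authenticator check accepts relayed EAP packets that anyone on the path could have altered, which is why the attribute is required alongside EAP-Message.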