3Com Switch 8800 Advanced Software V5 Configuration Guide

802.1x Overview
5 When receiving the RADIUS Access-Request packet, the authentication server
compares the identity information against its user information table to obtain the
corresponding password information. Then, it encrypts the password information
using a randomly generated challenge, and sends the challenge information
through a RADIUS Access-Challenge packet to the authenticator.
6 After receiving the RADIUS Access-Challenge packet, the authenticator relays the
contained EAP-Request/MD5 Challenge packet to the supplicant.
7 When receiving the EAP-Request/MD5 Challenge packet, the supplicant uses the
offered challenge to encrypt the password part (this process is not reversible),
creates an EAP-Response/MD5 Challenge packet, and then sends the packet to
the authenticator.
8 After receiving the EAP-Response/MD5 Challenge packet, the authenticator relays
the packet in a RADIUS Access-Request packet to the authentication server.
9 When receiving the RADIUS Access-Request packet, the authentication server
compares the password information encapsulated in the packet with that
generated by itself. If the two are identical, the authentication server considers the
user valid and sends to the authenticator a RADIUS Access-Accept packet,
instructing the authenticator to open the port to permit the access request of the
supplicant.
10 After the supplicant gets online, the authenticator periodically sends handshake
requests to the supplicant to check whether the supplicant is still online. By
default, if two consecutive handshake attempts end up with failure, the
authenticator concludes that the supplicant has gone offline and performs the
necessary operations, guaranteeing that the authenticator always knows when a
supplicant goes offline.
11 The supplicant can also send an EAPOL-Logoff frame to the authenticator to
terminate the authenticated status. In this case, the authenticator changes the
status of the port from authorized to unauthorized.
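
The MD5 challenge exchange in steps 5 through 9, as an added example that is not part of the original guide or of 3Com's software. It assumes the response value defined in RFC 1994 and RFC 3748, MD5(Identifier || password || challenge), which this guide does not spell out; the function names are hypothetical and the RADIUS encapsulation done by the authenticator is omitted.

```python
import hashlib
import hmac
import os
import struct

EAP_REQUEST, EAP_RESPONSE, EAP_TYPE_MD5 = 1, 2, 4

def md5_value(identifier: int, password: bytes, challenge: bytes) -> bytes:
    # One-way value (assumed from RFC 1994/3748): MD5(Identifier || password || challenge)
    return hashlib.md5(bytes([identifier]) + password + challenge).digest()

def build_eap_md5(code: int, identifier: int, value: bytes) -> bytes:
    # EAP header: Code(1) Identifier(1) Length(2), then Type(1) Value-Size(1) Value
    body = bytes([EAP_TYPE_MD5, len(value)]) + value
    return struct.pack("!BBH", code, identifier, 4 + len(body)) + body

def parse_eap_md5(packet: bytes):
    if len(packet) < 6:
        raise ValueError("truncated EAP packet")
    code, identifier, length = struct.unpack("!BBH", packet[:4])
    eap_type, size = packet[4], packet[5]
    if length < 6 or length > len(packet) or eap_type != EAP_TYPE_MD5 or 6 + size > length:
        raise ValueError("not a well-formed EAP MD5-Challenge packet")
    return code, identifier, packet[6:6 + size]

def server_challenge(identifier: int) -> bytes:
    # Step 5: the server issues a randomly generated challenge
    return build_eap_md5(EAP_REQUEST, identifier, os.urandom(16))

def supplicant_respond(request: bytes, password: bytes) -> bytes:
    # Step 7: the supplicant hashes its password with the offered challenge
    code, identifier, challenge = parse_eap_md5(request)
    if code != EAP_REQUEST:
        raise ValueError("expected an EAP-Request")
    return build_eap_md5(EAP_RESPONSE, identifier, md5_value(identifier, password, challenge))

def server_verify(request: bytes, response: bytes, stored_password: bytes) -> bool:
    # Step 9: the server recomputes the value and compares in constant time
    _, req_id, challenge = parse_eap_md5(request)
    code, resp_id, value = parse_eap_md5(response)
    if code != EAP_RESPONSE or resp_id != req_id:
        return False
    return hmac.compare_digest(value, md5_value(req_id, stored_password, challenge))

if __name__ == "__main__":
    req = server_challenge(identifier=7)            # constructed sample exchange
    resp = supplicant_respond(req, b"example-pw")   # constructed sample password
    print("accept" if server_verify(req, resp, b"example-pw") else "reject")
```

Because the challenge is fresh for each attempt, a response captured from one exchange does not verify against the next challenge; the password itself never crosses the link.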
EAP termination
In EAP termination mode, EAP packets are terminated at the authenticator and
then repackaged into the PAP or CHAP attributes of RADIUS and transferred to the
RADIUS server for authentication, authorization, and accounting. See Figure 273
for the message exchange procedure.