Manual
213
User Guide
© 2014 Luxul. All Rights Reserved.
Other trademarks and registered trademarks are the property of their respective owners
Upon receipt of the key (encapsulated in an EAP-Request/MD5 Challenge packet)
from the Switch, the client program encrypts the Password of the Supplicant with
the key and sends the encrypted Password (contained in an EAP-Response/MD5
Challenge packet) to the RADIUS Server through the Switch.
The RADIUS Server compares the received encrypted Password (contained in a
RADIUS Access-Request packet) with the locally-encrypted Password. If the two
match, it will then send feedback (through a RADIUS Access-Accept packet and an
EAP-Success packet) to the Switch to indicate that the Supplicant is Authorized.
The Switch changes the state of the corresponding Port to Accepted, which allows
the Supplicant to access the Network. The Switch will then monitor the status of the
Supplicant by sending Hand-Shake packets periodically. By default, the Switch will
force the Supplicant to log off if it does not receive a response from the Supplicant
after two attempts.
The Supplicant can also terminate the Authenticated state by sending EAPOL-Logoff
packets to the Switch. The Switch then changes the Port state from Accepted
to Rejected.
EAP Terminating Mode
In this mode packet transmission from the Supplicant is terminated at Authenticator
and the EAP packets are converted into RADIUS packets. Authentication and
Accounting are accomplished through the RADIUS protocol.
In this mode, PAP or CHAP is employed between the Switch and the RADIUS Server.
This Switch supports the PAP termination mode. The Authentication procedure of PAP
is illustrated in the following fi gure:
Figure 12-19 PAP Authentication Procedure