Manual
+7(495) 797-3311 www.qtech.ru
Москва, Новозаводская ул., 18, стр. 1
325
40.1.5.1 EAP Relay Mode
EAP relay is specified in IEEE 802.1x standard to carry EAP in other high-level protocols, such
as EAP over RADIUS, making sure that extended authentication protocol messages can reach
the authentication server through complicated networks. In general, EAP relay requires the
RADIUS server to support EAP attributes: EAP-Message and Message-Authenticator.
EAP is a widely-used authentication frame to transmit the actual authentication protocol rather
than a special authentication mechanism. EAP provides some common function and allows
the authentication mechanisms expected in the negotiation, which are called EAP Method. The
advantage of EAP lies in that EAP mechanism working as a base needs no adjustment when a
new authentication protocol appears. The following figure illustrates the protocol stack of EAP
authentication method.
the Protocol Stack of EAP Authentication Method
By now, there are more than 50 EAP authentication methods has been developed, the
differences among which are those in the authentication mechanism and the management of
keys. The 4 most common EAP authentication methods are listed as follows:
EAP-MD5
EAP-TLS (Transport Layer Security)
EAP-TTLS (Tunneled Transport Layer Security)
PEAP (Protected Extensible Authentication Protocol)
They will be described in detail in the following part.
Attention:
The switch, as the access controlling unit of Pass-through, will not check the content of
a particular EAP method, so can support all the EAP methods above and all the EAP
authentication methods that may be extended in the future.