4 the encapsulation of eap attributes -285, 4 the encapsulation of eap attributes – QTECH QSW-2800 Инструкция по настройке User Manual

Page 299

Advertising
background image

+7(495) 797-3311 www.qtech.ru
Москва, Новозаводская ул., 18, стр. 1

285

Code: specifies the type of the EAP packet. There are four of them in total: Request (1)

,Response (2) ,Success (3) ,Failure (4) .

There is no Data domain in the packets of which the type is Success or Failure, and the value

of the Length domains in such packets is 4.

The format of Data domains in the packets of which the type is Request and Response is

illustrated in the next figure. Type is the authentication type of EAP, the content of Type data

depends on the type. For example, when the value of the type is 1, it means Identity, and is

used to query the identity of the other side. When the type is 4, it means MD5-Challenge, like

PPP CHAP protocol, contains query messages.

The Format of Data Domain in Request and Response Packets

Identifier: to assist matching the Request and Response messages.

Length: the length of the EAP packet, covering the domains of Code, Identifier, Length and

Data, in byte.

Data: the content of the EAP packet, depending on the Code type.

38.1.4 The Encapsulation of EAP Attributes

RADIUS adds two attribute to support EAP authentication: EAP-Message and Message-
Authenticator. Please refer to the Introduction of RADIUS protocol in “AAA-RADIUS-
HWTACACS operation” to check the format of RADIUS messages.

1. EAP-Message

As illustrated in the next figure, this attribute is used to encapsulate EAP packet, the type code

is 79, String domain should be no longer than 253 bytes. If the data length in an EAP packet is

larger than 253 bytes, the packet can be divided into fragments, which then will be

encapsulated in several EAP-Messages attributes in their original order.

The Encapsulation of EAP-Message Attribute

2. Message-Authenticator

As illustrated in the next figure, this attribute is used in the process of using authentication

methods like EAP and CHAP to prevent the access request packets from being eavesdropped.

Message-Authenticator should be included in the packets containing the EAP-Message

attribute, or the packet will be dropped as an invalid one.

Advertising
Popular Brands
Popular manuals