Encapsulation of eapol messages, The format of an eapol packet – H3C Technologies H3C S3100 Series Switches User Manual


Figure 1-2 The mechanism of an 802.1x authentication system

- EAP protocol packets transmitted between the supplicant system PAE and the authenticator system PAE are encapsulated as EAPoL packets.

- EAP protocol packets transmitted between the authenticator system PAE and the RADIUS server can either be encapsulated as EAP over RADIUS (EAPoR) packets or be terminated at system PAEs. The system PAEs then communicate with RADIUS servers through password authentication protocol (PAP) or challenge-handshake authentication protocol (CHAP) packets.

- When a supplicant system passes the authentication, the authentication server passes the information about the supplicant system to the authenticator system. The authenticator system in turn determines the state (authorized or unauthorized) of the controlled port according to the instructions (accept or reject) received from the RADIUS server.

Encapsulation of EAPoL Messages

The format of an EAPoL packet

EAPoL is a packet encapsulation format defined in 802.1x. To enable EAP protocol packets to be transmitted between supplicant systems and authenticator systems through LANs, EAP protocol packets are encapsulated in EAPoL format. The following figure illustrates the structure of an EAPoL packet.

Figure 1-3 The format of an EAPoL packet

In an EAPoL packet:

- The PAE Ethernet type field holds the protocol identifier. The identifier for 802.1x is 0x888E.

- The Protocol version field holds the version of the protocol supported by the sender of the EAPoL packet.

- The Type field can be one of the following:

    00: Indicates that the packet is an EAP-packet, which carries authentication information.

    01: Indicates that the packet is an EAPoL-start packet, which initiates the authentication.

    02: Indicates that the packet is an EAPoL-logoff packet, which sends logging off requests.

    03: Indicates that the packet is an EAPoL-key packet, which carries key information.

    04: Indicates that the packet is an EAPoL-encapsulated-ASF-Alert packet, which is used to support the alerting messages of ASF (alerting standards forum).

- The Length field indicates the size of the Packet body field. A value of 0 indicates that the Packet Body field does not exist.
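
The field list above can be checked against captured frames with a small parser. This is an added example, not code from the H3C manual: the field widths (2-byte PAE Ethernet type, 1-byte Protocol version, 1-byte Type, 2-byte Length) are taken from IEEE 802.1X because Figure 1-3 is not reproduced here, and the function name, source MAC address and sample frames are constructed for illustration.

```python
import struct

PAE_ETHERTYPE = 0x888E
EAPOL_TYPES = {
    0x00: "EAP-packet",
    0x01: "EAPoL-start",
    0x02: "EAPoL-logoff",
    0x03: "EAPoL-key",
    0x04: "EAPoL-encapsulated-ASF-Alert",
}

def parse_eapol(frame: bytes) -> dict:
    """Parse an untagged Ethernet frame carrying EAPoL; raise ValueError if malformed."""
    if len(frame) < 18:  # 6 dst MAC + 6 src MAC + 2 ethertype + 4 EAPoL header
        raise ValueError("frame too short for an EAPoL header")
    ethertype, version, ptype, length = struct.unpack("!HBBH", frame[12:18])
    if ethertype != PAE_ETHERTYPE:
        raise ValueError(f"not EAPoL: ethertype 0x{ethertype:04X}")
    # Trust the Length field, not the frame size: Ethernet pads short frames,
    # so bytes after the declared body are padding and must be ignored.
    body = frame[18:18 + length]
    if len(body) < length:
        raise ValueError("Length field exceeds the bytes present in the frame")
    return {
        "version": version,
        "type": EAPOL_TYPES.get(ptype, f"unknown(0x{ptype:02X})"),
        "length": length,
        "body": body,
    }

# Constructed sample frames: PAE group destination address, made-up source MAC.
HDR = bytes.fromhex("0180c2000003" "020000000001")
# EAPoL-start: Length 0, so no Packet body; padded to the 60-byte Ethernet minimum.
START = (HDR + struct.pack("!HBBH", PAE_ETHERTYPE, 1, 0x01, 0)).ljust(60, b"\x00")
# EAP-packet carrying a 5-byte EAP Request/Identity.
EAP = HDR + struct.pack("!HBBH", PAE_ETHERTYPE, 1, 0x00, 5) + bytes.fromhex("0101000501")
# Same frame with the last 3 body bytes cut off: Length no longer matches.
TRUNCATED = EAP[:-3]

if __name__ == "__main__":
    for name, frame in (("start", START), ("eap", EAP), ("truncated", TRUNCATED)):
        try:
            print(name, parse_eapol(frame))
        except ValueError as err:
            print(name, "rejected:", err)
```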
