Fields added for eap authentication, 1x authentication procedure, Eap relay mode – H3C Technologies H3C WX3000 Series Unified Switches User Manual

Page 222: Figure 23-5


Figure 23-5 The format of the Data field of a Request packet or a Response packet

• The Type field indicates the EAP authentication type. A value of 1 indicates Identity and that the
packet is used to query the identity of the peer. A value of 4 represents MD5-Challenge (similar to
PPP CHAP) and indicates that the packet includes query information.

• The Type Data field varies with the type of Request or Response packet.

Fields added for EAP authentication

Two fields, EAP-message and Message-authenticator, are added to a RADIUS protocol packet for EAP
authentication. (Refer to the Introduction to RADIUS protocol section in AAA in H3C WX3000 Series
Unified Switches Switching Engine Configuration Guide for information about the format of a RADIUS
protocol packet.)

The EAP-message field, whose format is shown in Figure 23-6, is used to encapsulate EAP packets.

The maximum size of the string field is 253 bytes. EAP packets larger than 253 bytes are
fragmented and encapsulated in multiple EAP-message fields. The type code of the EAP-message
field is 79.

Figure 23-6 The format of an EAP-message field

The Message-authenticator field, whose format is shown in Figure 23-7, is used to prevent
unauthorized interception of access request packets during authentication using CHAP, EAP, and
so on. A packet with the EAP-message field must also have the Message-authenticator field. Otherwise,
the packet is regarded as invalid and is discarded.

Figure 23-7 The format of a Message-authenticator field

802.1x Authentication Procedure

The device can authenticate supplicant systems in EAP terminating mode or EAP relay mode.

EAP relay mode

This mode is defined in 802.1x. In this mode, EAP packets are encapsulated in higher-level protocol
(such as EAPoR) packets to enable them to successfully reach the authentication server. Normally, this
mode requires that the RADIUS server support the two newly-added fields: the EAP-message field
(with a type code of 79) and the Message-authenticator field (with a type code of 80).
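
The two fields described above, as an added example that is not code from the H3C manual: an EAP packet is fragmented into EAP-message attributes (type 79), the request is protected by a Message-authenticator attribute (type 80), and the receiver discards packets that fail either check. It assumes the Message-authenticator is an HMAC-MD5 over the whole packet keyed with the RADIUS shared secret, as in RFC 3579; the function names, the sample packet and the secret are constructed for illustration.

```python
import hashlib, hmac, struct

EAP_MESSAGE, MESSAGE_AUTHENTICATOR = 79, 80  # attribute type codes given in the text
MAX_VALUE = 253                              # largest value one attribute can carry

def attr(code, value):
    """Encode one RADIUS attribute: Type (1 byte), Length (1 byte, header included), Value."""
    return bytes([code, len(value) + 2]) + value

def build_access_request(ident, req_auth, eap, secret):
    """Fragment an EAP packet into EAP-message attributes and sign the Access-Request."""
    attrs = b"".join(attr(EAP_MESSAGE, eap[i:i + MAX_VALUE])
                     for i in range(0, len(eap), MAX_VALUE))
    attrs += attr(MESSAGE_AUTHENTICATOR, bytes(16))     # zeroed while the MAC is computed
    pkt = struct.pack("!BBH", 1, ident, 20 + len(attrs)) + req_auth + attrs
    mac = hmac.new(secret, pkt, hashlib.md5).digest()   # assumption: HMAC-MD5 as in RFC 3579
    return pkt[:-16] + mac                              # the MAC attribute is last in this packet

def validate(pkt, secret):
    """Return the reassembled EAP packet, or None if the packet must be discarded."""
    if len(pkt) < 20 or struct.unpack("!H", pkt[2:4])[0] != len(pkt):
        return None                                     # header length must match bytes received
    eap, mac, zeroed, pos = b"", None, bytearray(pkt), 20
    while pos < len(pkt):
        if pos + 2 > len(pkt):
            return None                                 # truncated attribute header
        code, length = pkt[pos], pkt[pos + 1]
        if length < 2 or pos + length > len(pkt):
            return None                                 # malformed attribute length
        value = pkt[pos + 2:pos + length]
        if code == EAP_MESSAGE:
            eap += value                                # concatenate fragments in order
        elif code == MESSAGE_AUTHENTICATOR:
            if length != 18 or mac is not None:
                return None                             # wrong size or duplicated attribute
            mac = value
            zeroed[pos + 2:pos + 18] = bytes(16)        # MAC is computed over a zeroed field
        pos += length
    if eap and mac is None:
        return None                                     # EAP-message without Message-authenticator
    if mac is not None:
        expected = hmac.new(secret, bytes(zeroed), hashlib.md5).digest()
        if not hmac.compare_digest(mac, expected):
            return None                                 # wrong shared secret or modified packet
    return eap

# Constructed sample: a 600-byte EAP packet, which needs three EAP-message attributes.
SAMPLE_EAP = bytes([2, 7]) + struct.pack("!H", 600) + bytes(596)
SAMPLE_PACKET = build_access_request(5, bytes(16), SAMPLE_EAP, b"constructed-secret")
```
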
