1 eap relay mode – QTECH QSW-3400 Инструкция по настройке User Manual

+7(495) 797-3311 www.qtech.ru
Москва, Новозаводская ул., 18, стр. 1

325

40.1.5.1 EAP Relay Mode

EAP relay is specified in IEEE 802.1x standard to carry EAP in other high-level protocols, such

as EAP over RADIUS, making sure that extended authentication protocol messages can reach

the authentication server through complicated networks. In general, EAP relay requires the

RADIUS server to support EAP attributes: EAP-Message and Message-Authenticator.

EAP is a widely-used authentication frame to transmit the actual authentication protocol rather

than a special authentication mechanism. EAP provides some common function and allows

the authentication mechanisms expected in the negotiation, which are called EAP Method. The

advantage of EAP lies in that EAP mechanism working as a base needs no adjustment when a

new authentication protocol appears. The following figure illustrates the protocol stack of EAP

authentication method.

the Protocol Stack of EAP Authentication Method

By now, there are more than 50 EAP authentication methods has been developed, the

differences among which are those in the authentication mechanism and the management of

keys. The 4 most common EAP authentication methods are listed as follows:



EAP-MD5



EAP-TLS (Transport Layer Security)



EAP-TTLS (Tunneled Transport Layer Security)



PEAP (Protected Extensible Authentication Protocol)

They will be described in detail in the following part.

Attention:



The switch, as the access controlling unit of Pass-through, will not check the content of

a particular EAP method, so can support all the EAP methods above and all the EAP

authentication methods that may be extended in the future.