2 the work mechanism of 802.1x, 3 the encapsulation of eapol messages – PLANET WGSW-50040 User Manual
25.1.2 The Work Mechanism of 802.1x
The IEEE 802.1x authentication system uses EAP (Extensible Authentication Protocol) to exchange
authentication information between the supplicant system, the authenticator system and the
authentication server system.
Figure 25-2 The Work Mechanism of 802.1x
In a LAN environment, EAP messages use the EAPOL encapsulation format between the PAE of the
supplicant system and the PAE of the authenticator system.
Between the PAE of the authenticator system and the RADIUS server, there are two methods of
exchanging information. In the first, EAP messages use the EAPOR (EAP over RADIUS)
encapsulation format within the RADIUS protocol. In the second, EAP messages terminate at the PAE
of the authenticator system, which then uses messages containing PAP (Password Authentication
Protocol) or CHAP (Challenge Handshake Authentication Protocol) attributes for the
authentication interaction with the RADIUS server.
When the user passes authentication, the authentication server system sends the relevant
user information to the authenticator system, and the PAE of the authenticator system sets the
authenticated/unauthenticated status of the controlled port according to the authentication result from
the RADIUS server.
25.1.3 The Encapsulation of EAPOL Messages
1. The Format of EAPOL Data Packets
EAPOL is a message encapsulation format defined in the 802.1x protocol. It is mainly used to carry
EAP messages between the supplicant system and the authenticator system so that EAP messages
can be transmitted over the LAN. In an IEEE 802/Ethernet LAN environment, the format of the
EAPOL packet is illustrated in the next figure. The EAPOL packet begins at the Type/Length field
of the MAC frame.
Figure 25-3 The Format of EAPOL Data Packet