5 the authentication methods of 802.1x, 1 eap relay mode, 5 the authentication methods of 802.1x -141 – PLANET WGSW-52040 User Manual

42.1.5 The Authentication Methods of 802.1x

The authentication can either be started by supplicant system initiatively or by devices. When

the device detects unauthenticated users to access the network, it will send supplicant system

EAP-Request/Identity messages to start authentication. On the other hand, the supplicant

system can send EAPOL-Start message to the device via supplicant software.

802.1 x systems supports EAP relay method and EAP termination method to implement

authentication with the remote RADIUS server. The following is the description of the process

of these two authentication methods, both started by the supplicant system.

42.1.5.1 EAP Relay Mode

EAP relay is specified in IEEE 802.1x standard to carry EAP in other high-level protocols, such

as EAP over RADIUS, making sure that extended authentication protocol messages can reach

the authentication server through complicated networks. In general, EAP relay requires the

RADIUS server to support EAP attributes: EAP-Message and Message-Authenticator.

EAP is a widely-used authentication frame to transmit the actual authentication protocol rather

than a special authentication mechanism. EAP provides some common function and allows

the authentication mechanisms expected in the negotiation, which are called EAP Method.

The advantage of EAP lies in that EAP mechanism working as a base needs no adjustment

when a new authentication protocol appears. The following figure illustrates the protocol stack

of EAP authentication method.

Figure 42-8: the Protocol Stack of EAP Authentication Method

By now, there are more than 50 EAP authentication methods has been developed, the

differences among which are those in the authentication mechanism and the management of

keys. The 4 most common EAP authentication methods are listed as follows:



EAP-MD5

42-141