1 eap relay mode – PLANET XGS3-24042 User Manual

52-6

the remote RADIUS server. The following is the description of the process of these two authentication

methods, both started by the supplicant system.

52.1.5.1 EAP Relay Mode

EAP relay is specified in IEEE 802.1x standard to carry EAP in other high-level protocols, such as EAP over

RADIUS, making sure that extended authentication protocol messages can reach the authentication server

through complicated networks. In general, EAP relay requires the RADIUS server to support EAP attributes:

EAP-Message and Message-Authenticator.

EAP is a widely-used authentication frame to transmit the actual authentication protocol rather than a special

authentication mechanism. EAP provides some common function and allows the authentication mechanisms

expected in the negotiation, which are called EAP Method. The advantage of EAP lies in that EAP mechanism

working as a base needs no adjustment when a new authentication protocol appears. The following figure

illustrates the protocol stack of EAP authentication method.

Figure

52-8

the Protocol Stack of EAP Authentication Method

By now, there are more than 50 EAP authentication methods has been developed, the differences among

which are those in the authentication mechanism and the management of keys. The 4 most common EAP

authentication methods are listed as follows:



EAP-MD5



EAP-TLS（Transport Layer Security）



EAP-TTLS（Tunneled Transport Layer Security）



PEAP（Protected Extensible Authentication Protocol）

They will be described in detail in the following part.

Attention:



The switch, as the access controlling unit of Pass-through, will not check the content of a particular

EAP method, so can support all the EAP methods above and all the EAP authentication methods

that may be extended in the future.



In EAP relay, if any authentication method in EAP-MD5, EAP-TLS, EAP-TTLS and PEAP is

adopted, the authentication methods of the supplicant system and the RADIUS server should be