1x authentication process, Eapol message exchange – HP 445946-001 User Manual


Port-based Network Access and traffic control


802.1x authentication process

The clients and authenticators communicate using Extensible Authentication Protocol (EAP), which was originally designed to run over PPP, and for which the IEEE 802.1x Standard has defined an encapsulation method over Ethernet frames, called EAP over LAN (EAPOL).

The following figure shows a typical message exchange initiated by the client.

Figure 2: Using EAPoL to authenticate a port

EAPoL Message Exchange

During authentication, EAPOL messages are exchanged between the client and the switch authenticator, while RADIUS-EAP messages are exchanged between the switch authenticator and the RADIUS authentication server.

Authentication is initiated by one of the following methods:
- Switch authenticator sends an EAP-Request/Identity packet to the client.
- Client sends an EAPOL-Start frame to the switch authenticator, which responds with an EAP-Request/Identity frame.

The client confirms its identity by sending an EAP-Response/Identity frame to the switch authenticator, which forwards the frame encapsulated in a RADIUS packet to the server.
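
Added example (not from the HP manual): a small Python decoder that labels captured frames with the message names used above, useful when checking a port capture against the expected EAPOL-Start, EAP-Request/Identity, EAP-Response/Identity order. The function names, MAC addresses and the identity "alice" are constructed for illustration; the EtherType and code values are the standard EAPOL and EAP assignments.

```python
import struct

EAPOL_ETHERTYPE = 0x888E  # EtherType assigned to EAPOL
EAPOL_TYPES = {0: "EAP-Packet", 1: "EAPOL-Start", 2: "EAPOL-Logoff", 3: "EAPOL-Key"}
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_METHODS = {1: "Identity"}  # only the method this page mentions

def parse_eapol(frame: bytes) -> dict:
    """Decode one Ethernet frame carrying EAPOL; raise ValueError if malformed."""
    if len(frame) < 18:
        raise ValueError("too short for Ethernet + EAPOL headers")
    ethertype, version, ptype, body_len = struct.unpack("!HBBH", frame[12:18])
    if ethertype != EAPOL_ETHERTYPE:
        raise ValueError("not an EAPOL frame")
    body = frame[18:18 + body_len]  # slicing by length ignores Ethernet padding
    if len(body) < body_len:
        raise ValueError("EAPOL body truncated")
    msg = {"eapol_version": version, "name": EAPOL_TYPES.get(ptype, f"EAPOL-type-{ptype}")}
    if ptype != 0:  # Start/Logoff/Key frames carry no EAP packet
        return msg
    if body_len < 4:
        raise ValueError("EAP header truncated")
    code, ident, eap_len = struct.unpack("!BBH", body[:4])
    if not 4 <= eap_len <= body_len:
        raise ValueError("EAP length inconsistent with EAPOL length")
    msg["id"] = ident
    msg["name"] = "EAP-" + EAP_CODES.get(code, f"code-{code}")
    if code in (1, 2):  # Request/Response carry a method type octet
        if eap_len < 5:
            raise ValueError("EAP Request/Response missing type octet")
        msg["name"] += "/" + EAP_METHODS.get(body[4], f"type-{body[4]}")
        msg["data"] = body[5:eap_len]
    return msg

# Constructed sample frames: PAE group address plus made-up client/switch MACs.
PAE, CLIENT, SWITCH = (bytes.fromhex(h) for h in ("0180c2000003", "020000000001", "020000000002"))
def build(src, ptype, body=b""):
    return PAE + src + struct.pack("!HBBH", EAPOL_ETHERTYPE, 1, ptype, len(body)) + body

def eap(code, ident, method, data=b""):
    return struct.pack("!BBHB", code, ident, 5 + len(data), method) + data
SAMPLE_EXCHANGE = [
    build(CLIENT, 1),                          # client starts the exchange
    build(SWITCH, 0, eap(1, 1, 1)),            # switch asks for identity
    build(CLIENT, 0, eap(2, 1, 1, b"alice")),  # client answers with identity
]

def trace(frames):
    return [parse_eapol(f)["name"] for f in frames]
```
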
