Blade ICE G8000 Manual

A SERVICE OF

next previous

RackSwitch G8000 Application Guide

Chapter 2: Port-based Network Access Control

 41BMD00041, November 2008

802.1X authentication process

The clients and authenticators communicate using Extensible Authentication Protocol (EAP),

which was originally designed to run over PPP, and for which the IEEE 802.1X Standard has

defined an encapsulation method over Ethernet frames, called EAP over LAN (EAPOL).

Figure 2-1 shows a typical message exchange initiated by the client.

Figure 2-1 Authenticating a Port Using EAPoL

802.1X Client

RADIUS

Server

Radius-Access-Request

Radius-Access-Challenge

Radius-Access-Request

Radius-Access-Accept

EAP-Request (Credentials)

EAP-Response (Credentials)

EAP-Success

EAP-Request (Identity)

EAP-Response (Identity)

EAPOL-Start

Port Authorized

Port Unauthorized

G8000

(Authenticator)

(RADIUS Client)

EAPOL

Ethernet

RADIUS-EAP

UDP/IP