HP 6125XLG R2306-HP 6125XLG Blade Switch Security Configuration Guide - Page 74
802.1X authentication procedure in EAP relay mode
Figure 30 802.1X authentication procedure in EAP relay mode

[Sequence diagram. Participants: Client, Device, Authentication server. The client and the device exchange EAPOL packets; the device and the authentication server exchange EAPOR packets.]

Client and device (EAPOL): (1) EAPOL-Start; (2) EAP-Request/Identity; (3) EAP-Response/Identity; (6) EAP-Request/MD5 challenge; (7) EAP-Response/MD5 challenge; (10) EAP-Success; Port authorized; (11) EAP-Request/Identity; (12) EAP-Response/Identity; ...; (13) EAPOL-Logoff; Port unauthorized; (14) EAP-Failure

Device and authentication server (EAPOR): (4) RADIUS Access-Request (EAP-Response/Identity); (5) RADIUS Access-Challenge (EAP-Request/MD5 challenge); (8) RADIUS Access-Request (EAP-Response/MD5 challenge); (9) RADIUS Access-Accept (EAP-Success)

1. When a user launches the 802.1X client software and enters a registered username and password, the 802.1X client software sends an EAPOL-Start packet to the network access device.

2. The network access device responds with an Identity EAP-Request packet to ask for the client username.

3. In response to the Identity EAP-Request packet, the client sends the username in an Identity EAP-Response packet to the network access device.

4. The network access device relays the Identity EAP-Response packet in a RADIUS Access-Request packet to the authentication server.

5. The authentication server uses the identity information in the RADIUS Access-Request to search its user database. If a matching entry is found, the server uses a randomly generated challenge (EAP-Request/MD5 challenge) to encrypt the password in the entry, and sends the challenge in a RADIUS Access-Challenge packet to the network access device.

6. The network access device relays the EAP-Request/MD5 Challenge packet in a RADIUS Access-Request packet to the client.

7. The client uses the received challenge to encrypt the password, and sends the encrypted password in an EAP-Response/MD5 Challenge packet to the network access device.

8. The network access device relays the EAP-Response/MD5 Challenge packet in a RADIUS Access-Request packet to the authentication server.