3com S7906E Installation Instruction

Figure 1-8 802.1X authentication procedure in EAP relay mode
[Figure: message sequence between Client, Device and Server. EAPOL is used between the client and the device; EAPOR is used between the device and the server.]

2)  When a user launches the 802.1X client software and enters the registered username and 
password, the 802.1X client software generates an EAPOL-Start packet and sends it to the device 
to initiate an authentication process.  
3)  Upon receiving the EAPOL-Start packet, the device responds with an EAP-Request/Identity packet 
for the username of the client. 
4)  When the client receives the EAP-Request/Identity packet, it encapsulates the username in an 
EAP-Response/Identity packet and sends the packet to the device. 
5)  Upon receiving the EAP-Response/Identity packet, the device relays the packet in a RADIUS 
Access-Request packet to the authentication server. 
6)  Upon receiving the RADIUS Access-Request packet, the RADIUS server compares the identity 
information against its user information database to obtain the corresponding password 
information. It then encrypts the password information using a randomly generated challenge, 
and sends the challenge information through a RADIUS Access-Challenge packet to the device.  
7)  After receiving the RADIUS Access-Challenge packet, the device relays the contained 
EAP-Request/MD5 Challenge packet to the client. 
8)  Upon receiving the EAP-Request/MD5 Challenge packet, the client uses the offered challenge to 
encrypt the password part (this process is not reversible), creates an EAP-Response/MD5 
Challenge packet, and then sends the packet to the device. 
9)  After receiving the EAP-Response/MD5 Challenge packet, the device relays the packet in a 
RADIUS Access-Request packet to the authentication server.
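
The MD5 challenge exchange of steps 6 to 9, as an added Python example that is not part of the 3Com manual: it builds and parses the EAP MD5-Challenge packets and shows the server-side check, using the packet layout of RFC 3748 and the hash construction of RFC 1994. Function names and the sample credentials in the usage are constructed for illustration, and the RADIUS (EAPOR) encapsulation done by the device is left out.

```python
import hashlib, hmac, os, struct

EAP_REQUEST, EAP_RESPONSE = 1, 2   # EAP Code values (RFC 3748)
EAP_TYPE_MD5 = 4                   # EAP Type: MD5-Challenge

def build_md5_packet(code, identifier, value, name=b""):
    """Code | Identifier | Length | Type=4 | Value-Size | Value | Name."""
    body = bytes([EAP_TYPE_MD5, len(value)]) + value + name
    return struct.pack("!BBH", code, identifier, 4 + len(body)) + body

def parse_md5_packet(packet):
    """Return (code, identifier, value, name); raise ValueError if malformed."""
    if len(packet) < 6:
        raise ValueError("too short for an EAP MD5-Challenge packet")
    code, identifier, length = struct.unpack("!BBH", packet[:4])
    if length < 6 or length > len(packet):
        raise ValueError("EAP Length field does not match the data received")
    packet = packet[:length]       # octets past Length are padding
    if packet[4] != EAP_TYPE_MD5:
        raise ValueError("not an MD5-Challenge packet")
    size = packet[5]
    if 6 + size > length:
        raise ValueError("Value-Size runs past the end of the packet")
    return code, identifier, packet[6:6 + size], packet[6 + size:]

def md5_response(identifier, password, challenge):
    """One-way value sent in step 8: MD5(Identifier || password || challenge)."""
    return hashlib.md5(bytes([identifier]) + password + challenge).digest()

def server_challenge(identifier):
    """Steps 6-7: random challenge, carried in EAP-Request/MD5 Challenge."""
    challenge = os.urandom(16)
    return challenge, build_md5_packet(EAP_REQUEST, identifier, challenge)

def client_respond(request, password, username):
    """Step 8: hash the password with the offered challenge."""
    code, identifier, challenge, _ = parse_md5_packet(request)
    if code != EAP_REQUEST:
        raise ValueError("expected an EAP-Request")
    digest = md5_response(identifier, password, challenge)
    return build_md5_packet(EAP_RESPONSE, identifier, digest, username)

def server_verify(response, identifier, challenge, stored_password):
    """Server check on the relayed response (step 9), compared in constant time."""
    code, rid, value, _ = parse_md5_packet(response)
    if code != EAP_RESPONSE or rid != identifier:
        return False
    expected = md5_response(identifier, stored_password, challenge)
    return hmac.compare_digest(value, expected)
```

For example, `server_verify(client_respond(req, b"constructed-password", b"alice"), 7, challenge, b"constructed-password")` returns `True` when `challenge, req = server_challenge(7)`, and `False` if the same response is checked against a different challenge or identifier.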