Manualsbrain.com
  1. Manuals
  2. Brands
  3. 3com
  4. WX3000
  5. User Manual

3com WX3000 User Manual

Download
Page of 715
 
1-3 
The Mechanism of an 802.1x Authentication System 
IEEE 802.1x authentication uses the extensible authentication protocol (EAP) to exchange information 
between supplicant systems and the authentication servers. To be compatible with 802.1X in a LAN 
environment, the client program must support the Extensible Authentication Protocol over LAN 
(EAPoL). 
Figure 1-2 The mechanism of an 802.1x authentication system 
 
 
EAP protocol packets transmitted between the supplicant system PAE and the authenticator 
system PAE are encapsulated as EAPoL packets. 
EAP protocol packets transmitted between the authenticator system PAE and the RADIUS server 
can either be encapsulated as EAP over RADIUS (EAPoR) packets or be terminated at system 
PAEs. The system PAEs then communicate with RADIUS servers through password 
authentication protocol (PAP) or challenge-handshake authentication protocol (CHAP) packets. 
When a supplicant system passes the authentication, the authentication server passes the 
information about the supplicant system to the authenticator system. The authenticator system in 
turn determines the state (authorized or unauthorized) of the controlled port according to the 
instructions (accept or reject) received from the RADIUS server. 
Encapsulation of EAPoL Messages 
The format of an EAPoL packet 
EAPoL is a packet encapsulation format defined in 802.1x. To enable EAP protocol packets to be 
transmitted between supplicant systems and authenticator systems through LANs, EAP protocol 
packets are encapsulated in EAPoL format. The following figure illustrates the structure of an EAPoL 
packet. 
Figure 1-3 The format of an EAPoL packet 
 
 
In an EAPoL packet: 
The PAE Ethernet type field holds the protocol identifier. The identifier for 802.1x is 0x888E. 
The Protocol version field holds the version of the protocol supported by the sender of the EAPoL 
packet. 
The Type field can be one of the following: 
00: Indicates that the packet is an EAP-packet, which carries authentication information. 
01: Indicates that the packet is an EAPoL-start packet, which initiates the authentication. 
02: Indicates that the packet is an EAPoL-logoff packet, which sends logging off requests.