3com 4210 PWR 9-Port 3CR17341-91-ME User Manual
Product codes
3CR17341-91-ME
Introduction to 802.1x
215
■
The Length field indicates the size of an EAP packet, which includes the Code,
Identifier, Length, and Data fields.
Identifier, Length, and Data fields.
■
The Data field contains information about an EAP packet. Its format is different
than the Code field.
than the Code field.
A Success or Failure packet does not contain the Data field, so the Length field of
it is 4.
it is 4.
Figure 69 shows the format of the Data field of a Request packet or a Response
packet.
packet.
Figure 69 The format of the Data field of a Request packet or a Response packet
■
The Type field indicates the EAP authentication type. A value of 1 indicates
Identity and that the packet is used to query the identity of the peer. A value of
4 represents MD5-Challenge (similar to PPP CHAP) and indicates that the
packet includes query information.
Identity and that the packet is used to query the identity of the peer. A value of
4 represents MD5-Challenge (similar to PPP CHAP) and indicates that the
packet includes query information.
■
The Type Date field differs with types of Request and Response packets.
Newly added fields for EAP authentication
Two fields, EAP-message and Message-authenticator, are added to a RADIUS
protocol packet for EAP authentication.
protocol packet for EAP authentication.
The EAP-message field, whose format is shown in Figure 70, is used to
encapsulate EAP packets. The maximum size of the string field is 253 bytes. EAP
packets with their size larger than 253 bytes are fragmented and are encapsulated
in multiple EAP-message fields. The type code of the EAP-message field is 79.
encapsulate EAP packets. The maximum size of the string field is 253 bytes. EAP
packets with their size larger than 253 bytes are fragmented and are encapsulated
in multiple EAP-message fields. The type code of the EAP-message field is 79.
Figure 70 The format of an EAP-message field
The Message-authenticator field, whose format is shown in Figure 71, is used to
prevent unauthorized interception to access requesting packets during
authentications using CHAP, EAP, and so on. A packet with the EAP-message field
must also have the Message-authenticator field. Otherwise, the packet is regarded
as invalid and is discarded.
prevent unauthorized interception to access requesting packets during
authentications using CHAP, EAP, and so on. A packet with the EAP-message field
must also have the Message-authenticator field. Otherwise, the packet is regarded
as invalid and is discarded.
Figure 71 The format of an Message-authenticator field
0
N
Type
Type data
7
0
15
Type
String
7
Length
N
EAP packets
0
2
Type
String
1
Length
18 bytes