Manualsbrain.com
  1. Manuels
  2. Marques
  3. 3com
  4. WX3000
  5. Manuel D’Utilisation

3com WX3000 Manuel D’Utilisation

Télécharger
Page de 715
 
1-5 
Fields added for EAP authentication 
Two fields, EAP-message and Message-authenticator, are added to a RADIUS protocol packet for EAP 
authentication. (Refer to the Introduction to RADIUS protocol section in the AAA Operation Manual for 
information about the format of a RADIUS protocol packet.) 
The EAP-message field, whose format is shown in 
, is used to encapsulate EAP packets. The 
maximum size of the string field is 253 bytes. EAP packets with their size larger than 253 bytes are 
fragmented and are encapsulated in multiple EAP-message fields. The type code of the EAP-message 
field is 79. 
Figure 1-6 The format of an EAP-message field 
 
 
The Message-authenticator field, whose format is shown in 
, is used to prevent unauthorized 
interception to access requesting packets during authentications using CHAP, EAP, and so on. A packet 
with the EAP-message field must also have the Message-authenticator field. Otherwise, the packet is 
regarded as invalid and is discarded. 
Figure 1-7 The format of an Message-authenticator field 
 
 
802.1x Authentication Procedure 
The device can authenticate supplicant systems in EAP terminating mode or EAP relay mode. 
EAP relay mode 
This mode is defined in 802.1x. In this mode, EAP-packets are encapsulated in higher level protocol 
(such as EAPoR) packets to enable them to successfully reach the authentication server. Normally, this 
mode requires that the RADIUS server support the two newly-added fields: the EAP-message field 
(with a value of 79) and the Message-authenticator field (with a value of 80). 
Four authentication ways, namely EAP-MD5, EAP-TLS (transport layer security), EAP-TTLS (tunneled 
transport layer security), and PEAP (protected extensible authentication protocol), are available in the 
EAP relay mode. 
EAP-MD5 authenticates the supplicant system. The RADIUS server sends MD5 keys (contained in 
EAP-request/MD5 challenge packets) to the supplicant system, which in turn encrypts the 
passwords using the MD5 keys. 
EAP-TLS allows the supplicant system and the RADIUS server to check each other’s security 
certificate and authenticate each other’s identity, guaranteeing that data is transferred to the right 
destination and preventing data from being intercepted.