3com WX3000 User Manual

Figure 1-9 802.1x authentication procedure (in EAP terminating mode)
[Sequence diagram: supplicant system PAE, authenticator system PAE, and RADIUS server; EAPOL runs between the supplicant and the authenticator, RADIUS between the authenticator and the server.]
 
 
The authentication procedure in EAP terminating mode is the same as that in the EAP relay mode 
except that the randomly-generated key in the EAP terminating mode is generated by the device, and 
that it is the device that sends the user name, the randomly-generated key, and the supplicant 
system-encrypted password to the RADIUS server for further authentication. 
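The terminating-mode hand-off described above, as an added example that is not taken from the manual or from 3Com code: the device issues the MD5 challenge, the supplicant hashes its password, and the device repackages the answer for the RADIUS server to verify. Encoding the values as the RFC 2865 CHAP-Password (3) and CHAP-Challenge (60) attributes, reusing the EAP identifier as the CHAP identifier, and all function names are assumptions; the User-Name attribute and the RADIUS packet header are left out.

```python
import hashlib
import hmac
import os

CHAP_PASSWORD, CHAP_CHALLENGE = 3, 60  # RADIUS attribute types (RFC 2865)


def md5_response(ident: int, password: bytes, challenge: bytes) -> bytes:
    # EAP-MD5 and CHAP use the same hash: MD5(identifier || password || challenge).
    return hashlib.md5(bytes([ident]) + password + challenge).digest()


def device_to_radius(ident: int, challenge: bytes, eap_answer: bytes) -> bytes:
    # Device side: repackage the supplicant's EAP-MD5 answer as CHAP attributes.
    if len(eap_answer) != 16:
        raise ValueError("MD5 response must be 16 bytes")
    chap = bytes([ident]) + eap_answer
    return (bytes([CHAP_PASSWORD, len(chap) + 2]) + chap
            + bytes([CHAP_CHALLENGE, len(challenge) + 2]) + challenge)


def parse_attrs(blob: bytes) -> dict:
    # Server side: split type/length/value attributes, rejecting bad lengths.
    attrs, i = {}, 0
    while i < len(blob):
        if i + 2 > len(blob) or blob[i + 1] < 2 or i + blob[i + 1] > len(blob):
            raise ValueError("malformed attribute")
        attrs[blob[i]] = blob[i + 2:i + blob[i + 1]]
        i += blob[i + 1]
    return attrs


def server_verify(blob: bytes, stored_password: bytes) -> bool:
    # RADIUS server side: recompute the hash from its own copy of the password.
    attrs = parse_attrs(blob)
    chap, challenge = attrs.get(CHAP_PASSWORD), attrs.get(CHAP_CHALLENGE)
    if chap is None or not challenge or len(chap) != 17:
        return False
    return hmac.compare_digest(md5_response(chap[0], stored_password, challenge), chap[1:])


def run_exchange(typed_password: bytes, stored_password: bytes) -> bool:
    # Constructed run: the device (not the server) generates the challenge.
    ident, challenge = 7, os.urandom(16)
    answer = md5_response(ident, typed_password, challenge)  # supplicant
    return server_verify(device_to_radius(ident, challenge, answer), stored_password)
```

Because the server recomputes the hash itself, it must hold each user's password in a recoverable form rather than as a one-way hash.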
Timers Used in 802.1x 
In 802.1x authentication, the following timers are used to ensure that the supplicant system, the device, 
and the RADIUS server interact in an orderly way. 
Handshake timer (handshake-period). This timer sets the handshake-period and is triggered after 
a supplicant system passes the authentication. It sets the interval for the device to send handshake 
request packets to online users. You can set the number of retries by using the dot1x retry 
command. An online user will be considered offline when the device has not received any response 
packets after a certain number of handshake request transmission retries. 
Quiet-period timer (quiet-period). This timer sets the quiet-period. When a supplicant system fails 
to pass the authentication, the device quiets for the set period (set by the quiet-period timer) before 
it processes another authentication request re-initiated by the supplicant system. During this quiet 
period, the device does not perform any 802.1x authentication-related actions for the supplicant 
system.  
Re-authentication timer (reauth-period). The device will initiate 802.1x re-authentication at the 
interval set by the re-authentication timer.