Figure 24 Authorization state of a controlled port
802.1X-related protocols
802.1X uses EAP to transport authentication information for the client, the network access device, and
the authentication server. EAP is an authentication framework that uses the client/server model. It
supports a variety of authentication methods, including MD5-Challenge, EAP-TLS, and PEAP.
802.1X defines EAPOL for passing EAP packets between the client and the network access device over
a wired or wireless LAN. Between the network access device and the authentication server, 802.1X
delivers authentication information through one of the following methods:
Encapsulates EAP packets in RADIUS by using EAPOR, as described in
•
Extracts authentication information from the EAP packets and encapsulates the information in
•
standard RADIUS packets, as described in
Packet formats
EAP packet format
Figure 25
shows the EAP packet format.
Figure 25 EAP packet format
0
Code
Code—Type of the EAP packet. Options include Request (1), Response (2), Success (3), or Failure
•
(4).
Identifier—Used for matching responses with requests.
•
Length—Length (in bytes) of the EAP packet, which is the sum of the Code, Identifier, Length, and
•
Data fields.
7
15
Identifier
Length
Data
"EAP
termination."
2
4
N
64
"EAP
relay."