3Com WX3000 Switch User Manual
• EAP-TTLS is an extension of EAP-TLS. EAP-TLS implements bidirectional authentication between the client and the authentication server; EAP-TTLS additionally carries its messages inside a tunnel established with TLS.
• PEAP creates and uses a TLS secure channel to ensure data integrity, and then performs a new EAP negotiation inside that channel to verify the supplicant system.
Figure 1-8 describes the basic EAP-MD5 authentication procedure.
Figure 1-8 802.1x authentication procedure (in EAP relay mode)

[Figure 1-8 is a sequence diagram with three parties: the supplicant system PAE, the authenticator system PAE, and the RADIUS server. EAPOL is used between the supplicant and the authenticator; EAPOR is used between the authenticator and the RADIUS server. The message sequence shown is:]
1. Supplicant -> Authenticator: EAPOL-Start
2. Authenticator -> Supplicant: EAP-Request / Identity
3. Supplicant -> Authenticator: EAP-Response / Identity
4. Authenticator -> RADIUS server: RADIUS Access-Request (EAP-Response / Identity)
5. RADIUS server -> Authenticator: RADIUS Access-Challenge (EAP-Request / MD5 challenge)
6. Authenticator -> Supplicant: EAP-Request / MD5 challenge
7. Supplicant -> Authenticator: EAP-Response / MD5 challenge
8. Authenticator -> RADIUS server: RADIUS Access-Request (EAP-Response / MD5 challenge)
9. RADIUS server -> Authenticator: RADIUS Access-Accept (EAP-Success)
10. Authenticator -> Supplicant: EAP-Success; the port is authorized
11. While the handshake timer runs: Authenticator -> Supplicant: handshake request [EAP-Request / Identity]; Supplicant -> Authenticator: handshake response [EAP-Response / Identity] (repeated periodically)
12. Supplicant -> Authenticator: EAPOL-Logoff; the port is unauthorized
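The MD5-challenge part of the exchange in Figure 1-8 (steps 5 to 9), worked through as an added Python example; this is not code from the manual or from 3Com, and the packet layout follows the EAP-MD5 format of RFC 3748 section 5.4, with the password and challenge values constructed for the example. It also shows why the RADIUS server must hold the user's cleartext password: it recomputes the same hash the supplicant sent.

```python
import hashlib
import hmac
import os
import struct

EAP_REQUEST, EAP_RESPONSE = 1, 2
EAP_TYPE_MD5 = 4  # EAP-Request/MD5-Challenge type (RFC 3748 section 5.4)

def build_md5_challenge(identifier, challenge):
    """EAP-Request/MD5-Challenge: Code, Identifier, Length, Type, Value-Size, Value."""
    body = struct.pack("!BB", EAP_TYPE_MD5, len(challenge)) + challenge
    return struct.pack("!BBH", EAP_REQUEST, identifier, 4 + len(body)) + body

def parse_md5_challenge(packet):
    """Supplicant side: extract identifier and challenge, rejecting malformed packets."""
    code, identifier, length = struct.unpack("!BBH", packet[:4])
    if code != EAP_REQUEST or length != len(packet) or packet[4] != EAP_TYPE_MD5:
        raise ValueError("not an EAP-Request/MD5-Challenge")
    value_size = packet[5]
    return identifier, packet[6:6 + value_size]

def md5_response_value(identifier, password, challenge):
    """CHAP-style response value: MD5(Identifier || password || challenge)."""
    return hashlib.md5(bytes([identifier]) + password + challenge).digest()

def build_md5_response(identifier, value):
    body = struct.pack("!BB", EAP_TYPE_MD5, len(value)) + value
    return struct.pack("!BBH", EAP_RESPONSE, identifier, 4 + len(body)) + body

def server_verify(response_packet, identifier, challenge, stored_password):
    """RADIUS server side: recompute the hash from the stored cleartext password
    (EAP-MD5 cannot work from a salted password hash) and compare in constant time."""
    code, rid, _length = struct.unpack("!BBH", response_packet[:4])
    if code != EAP_RESPONSE or rid != identifier or response_packet[4] != EAP_TYPE_MD5:
        return False
    value = response_packet[6:6 + response_packet[5]]
    expected = md5_response_value(identifier, stored_password, challenge)
    return hmac.compare_digest(value, expected)

def run_exchange(password_on_client, password_in_db, identifier=1, challenge=None):
    """Simulate steps 5-9 of Figure 1-8; the authenticator only relays EAP here."""
    challenge = challenge or os.urandom(16)          # server-generated random challenge
    request = build_md5_challenge(identifier, challenge)
    rid, recv_challenge = parse_md5_challenge(request)
    value = md5_response_value(rid, password_on_client, recv_challenge)
    response = build_md5_response(rid, value)
    return server_verify(response, identifier, challenge, password_in_db)  # True -> Access-Accept
```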
The detailed procedure is as follows:
• A supplicant launches an iNode client and enters a valid user name and password on the iNode client to initiate a connection request. The iNode client program then sends the connection request (the EAPOL-Start packet) to the device to start the authentication process.
• Upon receiving the authentication request packet, the device sends an EAP-Request/Identity packet to ask the iNode client for the user name.
• The iNode client responds by sending an EAP-Response/Identity packet containing the user name to the device. The device then encapsulates the packet in a RADIUS Access-Request packet and forwards it to the RADIUS server.
• Upon receiving the packet from the device, the RADIUS server retrieves the user name from the packet, finds the corresponding password by matching the user name in its database, encrypts the