2-6Unsolicited triggering of a clientA client initiates authentication by sending an EAPOL-Start frame to the device. The destinationaddress of the frame is 01-80-C2-00-00-03, the multicast address specified by the IEEE 802.1Xprotocol.Some devices in the network may not support multicast packets with the above destination address,causing the authentication device unable to receive the authentication request of the client. To solvethe problem, the device also supports EAPOL-Start frames whose destination address is a broadcastMAC address. In this case, the iNode 802.1X client is required.Unsolicited triggering of the deviceThe device can trigger authentication by sending EAP-Request/Identity packets to unauthenticatedclients periodically (every 30 seconds by default). This method can be used to authenticate clientswhich cannot send EAPOL-Start frames and therefore cannot trigger authentication, for example, the802.1X client provided by Windows XP.Authentication Process of 802.1XAn 802.1X device communicates with a remotely located RADIUS server in two modes: EAP relay andEAP termination. The following description takes the EAP relay as an example to show the 802.1Xauthentication process.EAP relayEAP relay is an IEEE 802.1X standard mode. In this mode, EAP packets are carried in an upper layerprotocol, such as RADIUS, so that they can go through complex networks and reach the authenticationserver. Generally, EAP relay requires that the RADIUS server support the EAP attributes ofEAP-Message and Message-Authenticator, which are used to encapsulate EAP packets and protectRADIUS packets carrying the EAP-Message attribute respectively.Figure 2-8 shows the message exchange procedure with EAP-MD5.