E rThis mo(with a valutran ble Authentication Protocol (PEAP), are available in them, which in turn encrypts thes securityransferred to the rightimplements bidirectional authenticationit message using a tunnelperforms new EAPAP elay modede is defined in 802.1x. In this mode, EAP packets are encapsulated in higher level protocol(such as EAPoR) packets to enable them to successfully reach the authentication server. Normally, thismode requires that the RADIUS server support the two newly-added fields: the EAP-message fielde of 79) and the Message-authenticator field (with a value of 80).Four authentication ways, namely EAP-MD5, EAP-TLS (transport layer security), EAP-TTLS (tunneledsport layer security), and Protected ExtensiEAP relay mode.z EAP-MD5 authenticates the supplicant system. The RADIUS server sends MD5 keys (contained inEAP-request/MD5 challenge packets) to the supplicant systepasswords using the MD5 keys.z EAP-TLS allows the supplicant system and the RADIUS server to check each other’certificate and authenticate each other’s identity, guaranteeing that data is tdestination and preventing data from being intercepted.z EAP-TTLS is a kind of extended EAP-TLS. EAP-TLSbetween the client and authentication server. EAP-TTLS transmestablished using TLS.z PEAP creates and uses TLS security channels to ensure data integrity and thennegotiations to verify supplicant systems.Figure 28-8 describes the basic EAP-MD5 authentication procedure.Figure 28-8 802.1x authentication procedure (in EAP relay mode)Supplicant systemPAERADUISserverEAPOL EAPOREAPOL- StartEAP- Request /IdentityEAP- Response / IdentityEAP- Request / MD5 challengeEAP-SuccessEAP- Response / MD5 challengeRADIUS Access - Request(EAP- Response / Identity)RADIUS Access -Challenge( EAP- Request /MD5 challenge)RADIUS Access -AcceptRADIUS Access - Request( EAP- Response /MD5 challenge)(EAP-Success)Port authorizedHandshake timerHandshake request[ EAP- Request / Identity]Handshake response[ EAP- Response / Identity]EAPOL-Logoff......Port unauthorizedAuthenticator systemPAE28-6
