1-8Figure 1-8 Message exchange in EAP termination modeEAPOL EAPOREAPOL-StartEAP-Request / IdentityEAP-Response / IdentityEAP-Request / MD5 challengeEAP-SuccessEAP-Response / MD5 challengeHandshake request[ EAP-Request / Identity ]Handshake response[ EAP-Response / Identity ]EAPOL-Logoff......Client Device ServerPort authorizedHandshake timerPort unauthorizedRADIUS Access-Request(CHAP-Response / MD5 challenge)RADIUS Access-Accept(CHAP-Success)Different from the authentication process in EAP relay mode, it is the device that generates the randomchallenge for encrypting the user password information in EAP termination authentication process.Consequently, the device sends the challenge together with the username and encrypted passwordinformation from the client to the RADIUS server for authentication.802.1X TimersThis section describes the timers used on an 802.1X device to guarantee that the client, the device, andthe RADIUS server can interact with each other in a reasonable manner.z Username request timeout timer (tx-period): The device starts this timer when it sends anEAP-Request/Identity frame to a client. If it receives no response before this timer expires, thedevice retransmits the request. When cooperating with a client that sends EAPOL-Start requestsonly when requested, the device multicasts EAP-Request/Identity frames to the client at an intervalset by this timer.z Client timeout timer (supp-timeout): Once a device sends an EAP-Request/MD5 Challenge frameto a client, it starts this timer. If this timer expires but it receives no response from the client, itretransmits the request.z Server timeout timer (server-timeout): Once a device sends a RADIUS Access-Request packet tothe authentication server, it starts this timer. If this timer expires but it receives no response fromthe server, it retransmits the request.