• Re-Authenticating a Port• Configuring Dynamic VLAN Assignment with Port Authentication• Guest and Authentication-Fail VLANs• Multi-Host Authentication• Multi-Supplicant Authentication• MAC Authentication Bypass• Dynamic CoS with 802.1XPort-Authentication ProcessThe authentication process begins when the authenticator senses that a link status has changed from down to up:1 When the authenticator senses a link state change, it requests that the supplicant identify itself using an EAP Identity Request frame.2 The supplicant responds with its identity in an EAP Response Identity frame.3 The authenticator decapsulates the EAP response from the EAPOL frame, encapsulates it in a RADIUS Access-Request frame andforwards the frame to the authentication server.4 The authentication server replies with an Access-Challenge frame. The Access-Challenge frame requests the supplicant to prove thatit is who it claims to be, using a specified method (an EAP-Method). The challenge is translated and forwarded to the supplicant bythe authenticator.5 The supplicant can negotiate the authentication method, but if it is acceptable, the supplicant provides the Requested Challengeinformation in an EAP response, which is translated and forwarded to the authentication server as another Access-Request frame.6 If the identity information provided by the supplicant is valid, the authentication server sends an Access-Accept frame in whichnetwork privileges are specified. The authenticator changes the port state to authorized and forwards an EAP Success frame. If theidentity information is invalid, the server sends an Access-Reject frame. If the port state remains unauthorized, the authenticatorforwards an EAP Failure frame.Figure 5. EAP Port-Authentication86 802.1X